The Smartest Smart Home Attacks of All Time and the Not-So Smart Devices that Made Them Possible
Smart home hackers have become bolder and more devious than ever. To help you navigate these continuously evolving attacks, we have compiled the most infamous smart home attacks in recent years, just for you.
When Adam and Heather Schreck woke up in the middle of the night to a loud noise coming from their baby's room, it wasn't the usual sound of their 10-month old infant crying. Rushing into the baby's room, the parents soon realised, to their shock and horror, that the noise was, in fact, the voice of an adult male shouting "Wake up baby!" and that it was coming from their baby-monitoring camera.
The worst part? As soon as they walked in, the camera looked away from the baby and at the parents – entirely of its own volition. For a camera that had only been programmed to watch over the infant, this independent action signalled that the baby monitor had been hacked and someone had taken control of it through the Internet.
This shocking incident occurred in 2014 and was sadly only the first of many smart home attacks. It's now 2021, and smart home hackers have become bolder and more devious than ever. To help give you an understanding of the type of attacks impacting smart homes, here's a round-up of the most infamous ones that have taken place around the world in recent years. If you happen to have any of the smart devices mentioned here, you might want to consider beefing up your home network protection, beginning with your router.
The Largest, Most Disruptive Hijack Ever
We've all heard about planes being hijacked in the news, but in October 2016, a different sort of hijack took place. A vast cyber-attack that exploited vulnerabilities in smart DVRs and webcams brought much of the Internet across Europe and the US to its knees, as hundreds of thousands of devices were hijacked in what security experts identified as a distributed denial of service (DDoS) attack using the Mirai botnets.
Put simply, hackers hijacked connected devices like smart DVRs and webcams, then used them to overwhelm servers from Dyn, a company that formerly controlled much of the Internet's domain name system (DNS) infrastructure, with traffic. The result? Websites including Twitter, The Guardian, Netflix, Reddit, CNN and several others in Europe and the US went down for most of the day.
That's right, some hackers are after more than your credit card details and have no qualms about weaponising your smart home devices to achieve large scale attacks. In fact, many feel the Mirai botnet attack was the largest DDoS attack of its kind, and a stern wake-up call to regulators and device manufacturers to develop stronger, more comprehensive smart home IoT protection at the network level.
Smart Heating that Froze Over
Another distributed denial of service (DDoS) attack that made the news in 2016 involved two apartment buildings in Lappeenranta, a city with a population of around 60,000 people in eastern Finland.
This time, the attack targeted systems that controlled the central heating and warm water circulation in the buildings. By forcing the heating systems to enter an endless rebooting loop, hackers effectively cut off central heating distribution to residents, at a time when temperatures in Finland were below freezing. The same system that was developed to support automation and reduce the inefficiencies and inconvenience of manually-maintained heating left residents out in the cold.
Thankfully, once the smart home systems affected had been disconnected from the Internet, heating resumed normal function. It sounds like a simple solution, but that would be ignoring the elephant in the room. As Sami Orasaari, a building maintenance specialist, commented at the time; the real problem lies in people's attitudes to smart device security as many housing companies or private owners do not want to invest in network firewalls, and security in general tends to be lax.
However, it's not just smart central heating that's vulnerable to being attacked. Smart thermostats from reputable brands have also fallen victim to hackers. Online mischief-makers can now take control of your thermostat and turn up the temperature when you're away from home – and you'd be none the wiser until you get a shocking utility bill, that is.
The IoT Gamble that Didn't Pay Off
Although this one didn't technically affect a smart home, this type of attack could easily impact aquarium enthusiasts in their own home. In 2018, a casino was hacked via a smart thermometer in their lobby's aquarium.
According to Nicole Eagan, CEO of the cybersecurity firm Darktrace, hackers used the Internet-connected thermometer to enter the network, "found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."
Picture that happening to your credit card and social security credentials. All of a sudden, the excitement about making your home smarter doesn't sound so attractive. Luckily, there are a number of ways we can bolster the security of our smart homes against hackers. D-Link's mydlink app, for example, allows users to control and monitor mydlink smart home devices – such as video cameras, smart plugs or sensors – straight from a smartphone or tablet.
Hacks That Could Impact Your Life Beyond the Smart Home
Smart cars – again technically – do not fall within the cozy realm of in-home smart home appliances. Still, as more automakers like Tesla and Ford ramp up their smart car offerings, we think it's worth mentioning this case from a smart, connected household standpoint.
In 2015, security researchers demonstrated as a proof-of-concept how easy it was to hack into a Jeep Cherokee, and take control of everything from the air-conditioning to the windshield wipers. The test-driver noted that although he hadn't touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on his back through the in-seat climate control system. Next, the radio switched to the local hip hop station playing at full volume, and wouldn't respond to his attempts at turning it off.
Whilst the test-driver was attending to these issues, the windshield wipers turned on and wiper fluid blurred the glass. Although the steering wheel and the brakes were not interfered with, other disruptions would have been sufficient to cause an accident. In fact, all a smart car hacker really needs to do is distract the driver with small things like blinding their view with wiper-fluid or rolling windows down against their will. As long as a vehicle is connected to the Internet – like when it's charging in a garage – it becomes a potential gateway for hackers to enter and turn a joy-ride into a nightmare on wheels.
Conclusion
It's easy to dismiss some of these smart home and IoT attacks as improbable scenarios, but isn't that what we all tell ourselves until it happens to us? We all dream of a smart, connected lifestyle, one that makes life easier, and yet as experience has shown, smart home and IoT hackers are more sophisticated than ever and more willing to probe your smart home devices for the smallest weaknesses.
When you are looking to add and set up smart devices in your home, there are some simple things you could think about to minimise the before mentioned scenarios. For example, when choosing cameras to monitor your home or babymonitors, choose pure cloud solutions such as mydlink. These provide end-to-end encryption via the cloud that eliminates the risk of cameras being hacked and access directly from the Internet. Such a solution can also offer a complete smart home ecosystem to let you keep an eye on your home as well as adding other sensors and smart plugs to turn appliances on and off, whether you're in the house or away.
Also, it is always worth updating passwords and firmware to continually renew the protection of devices and changing any default passwords. Older devices often come with a default password set by the manufacturers and are often the same. If not changed, it can make the device extremely susceptible to attacks.
Getting familiar with security controls on your router and configuring it to regulate exposure to the Internet is also an important consideration. For example, simply disabling remote access on your router can stop the possibility of a hacker taking control of it. And of course, make sure you have adequate antivirus and antimalware protection on all the computer and laptops at home, as these can also be a route for the hacker to reach your smart home devices.
Finally, before buying a new device for your home, it can be helpful to understand what kind of features and details are included. Be sure to select devices that incorporate quality and security as the main features. Doing some research on the devices you already own and how they work in connection with your smart home can also be valuable in improving your home's security.
A highly-regarded voice in the networking industry, Neil Patel has spearheaded D-Link's European Marketing and Business Development for nearly a decade.