When you invite a connected device into your home, you may also be opening your doors to hackers who may want to use your internet connected appliance to attack power grids and other high-profile targets. That warning comes courtesy of security researchers at Princeton University who are worried about the lack of security in smart home appliances.
The team of academics primarily focused on larger appliances such as ovens, air conditioners, and space heaters that offer internet-connected features, such as remote access via mobile apps and connectivity with other smart devices and hubs like Amazon Echo. Those devices, in theory, could be used to create a botnet — a collection of hijacked devices that are used to overwhelm services with massive influxes of traffic that can knock targets offline.
While the researchers didn’t highlight any specific flaws they discovered, they did offer proof-of-concept attacks that show how a threat actor could potentially disrupt electrical grids and other major utilities. The attacks focus on supervisory control and data acquisition (SCADA) systems, which are used to monitor and maintain the many peripheral devices that keep power plants operating.
Such an attack —known as a “Maniuplation of demand via Internet of Things,” or “MadIoT” — could do serious damage to the operation of power grids, and could prove difficult to detect and stop once they start. This DDoS (Distributed Denial of Service) attacks require no real knowledge of how a grid operates, it simply overwhelms them by directing infected smart appliances to send huge amounts of traffic to the systems.
This type of attack is enabled by the fact that most internet-connected devices lack basic security measures. Because many come with default passwords other insufficient authentication checks, it is easy for attackers to quickly find devices exposed via the internet and compromise them without much effort. As many as 70 percent of smart home devices are vulnerable to such attacks, HP found.
Luckily, there are ways to make sure your devices don’t contribute to this type of attack. Some simple best security practices like strong Wi-Fi passwords and setting unique passwords and PINs for connected devices are good first steps for protecting your home. You should also always make sure that devices are running the latest updates and patches to prevent against any security holes.