Can your home device be a threat to you?

Milda Jokubaitė

November 21, 2022


0

Have you ever thought that your vacuum cleaner may not only sweep your floor but also listen to your conversations? Or that your home security cameras might be used by someone else to stalk you? Smart gadgets are making our lives easier, but they can also pose a serious risk to our property, privacy, and even life if they fall into the hands of hackers. If you don't want to become their next cybercrime victim, let's take a look at some of the potentially risky connected devices surrounding you and ways to protect your security.

Man with curly hair and wearing t-shirt stands and works on tablet in his kitchen

Innocent-looking smart toys

AI-powered and internet-connected toys provide much more than just entertainment for children. They boost creativity and develop social, motor, problem-solving, and other skills that can significantly impact their future performance. However, buying smart toys can be a not-so-smart idea – along with bringing kids joy, they can also attract hackers and identity thieves.

Security flaws are common, even in toys from parents’ most-trusted toy brands. Mattel’s Wi-Fi-connected Barbie doll, My Friend Cayla, Fisher-Price’s Chatter Bluetooth telephone, VTech InnoTab Max, Furby Connect doll, and many other toys have been labeled by cybersecurity experts as spying devices. Because of their security gaps, hackers can turn their cameras and microphones on and use them to see and hear everything the toy sees and hears. Moreover, fraudsters can interact with your children, give them orders, extract secrets or collect data, and track their location. In addition, the data collected can be used for blackmail and ransom demands or sold on the dark web or to advertisers.

Spying webcams

The desire to protect your home space from burglars can backfire – you can find yourself being spied on by others. That's exactly what happened to Amazon's Ring and Google's Nest security cameras when malicious actors hacked them to surveil, threaten, and insult people who own them.

In one case, a home’s Ring camera loudspeaker started playing a song that a girl heard, so she went to investigate. When she came into the room where the camera was located, a deep masculine voice spoke to her through the camera speaker, saying that he was Santa Claus and calling her racist slurs.

In another Ring hack case, the virtual intruder harassed a woman, calling her vulgar names and asking her to respond.

Similar situations have also occurred with Nest camera holders. A few families reported that hackers talked to them through these cameras and messed with house thermostats by cranking up the heat.

These are just a few examples of how you can unexpectedly become a victim of cybercrime, which in addition to home security cameras, can happen with baby monitors or even pet cams.

Risky home cleanliness

The truth is that robot vacuum cleaners make life much easier. You can mind your own business while a robot vacuum sweeps your house. Although it may seem that cleaning dust from the floor is its sole task, in the hands of fraudsters, it can have a wholly different purpose as a spying device that may make you a victim of cybercrime.

Researchers revealed that hackers who gained access to a robot vacuum cleaner could get a house map or its GPS as well as record people's conversations by repurposing its LiDAR sensors to act as microphones. In addition, some robot vacuums can enable hackers to take control of the vacuum or even watch the live video feed produced by the device. All this collected data can be sold to advertisers or used by criminals to plan a robbery or other crimes.

Deadly medical devices

It is no longer surprising that we can become victims of cybercrime when our bank card details are stolen or our mobile devices or online accounts are hacked. All this is nothing compared to what can happen when malicious actors hack into medical devices such as pacemakers, implanted defibrillators, drug-infusion pumps, and other health tech gadgets, which can have fatal consequences.

In 2017, the FDA recalled 465,000 pacemakers after the security firm, MedSec, found security flaws that could allow hackers to reprogram the devices and put patients' lives at risk. For the same reason, doctors replaced former U.S. Vice President Dick Cheney's heart defibrillator so it couldn't be hacked by terrorists who might try to kill him. Infusion pumps automating the delivery of medications and nutrients into patients' bodies can also become deadly weapons if hackers increase the doses. Moreover, such hijacked healthcare devices can be used to steal personal or medical records or even urge victims to go to the hospital by sending them false messages about their medical condition, so they leave their houses unattended.

How to protect

While some of the above-mentioned connected devices have no recorded cases of anyone maliciously hacking them, various investigations by cybersecurity experts have shown that the potential for problems exists. Therefore, security measures must be put in place to avoid any possible threats.

  • Don’t recycle passwords. Create complex and unique ones for all your connected devices and accounts.

  • Where it’s possible, set up multi-factor authentication (MFA).

  • Use secure Wi-Fi and make sure its password is hard to guess.

  • If you have a problem remembering different passwords for your accounts, use a password manager.

  • Always keep the software of your devices up to date. Updates patch potential security flaws.

  • When the device is not being used, for example, a vacuum robot or kid’s toy, unplug it or turn it off, so it stops collecting data.

  • If it’s possible to use the device without the internet, disconnect it.

  • Make sure that the smartphone you have connected to your devices is malware free.

  • Stay vigilant, and don’t provide your or your kid's personally identifiable information if it’s not necessary. For example, children's toys can be updated without knowing your kid's age. However, be sure to provide the correct contact details so that developers can notify you of possible updates or security flaws.