How Safe Is Your Connected Home?

By Discover Staff | September 1, 2017 2:30 pm


Security experts are both thrilled and anxious about the internet of things (IoT), the ever-growing collection of smart electronic gadgets that interact with the world around them. It includes devices like internet-connected garage door openers, refrigerators you can text to see if you’re low on milk and tennis rackets that offer tips on a better backhand — even smart sex toys. The technology research firm Gartner estimates that 6.4 billion such IoT devices were connected online in 2016, and that number doesn’t include smartphones, tablets or laptops.

But buyer beware: Smart devices prize convenience and novelty, not security. “The challenge with IoT is that the market is so enthusiastic right now — connected devices are super cool,” says Ted Harrington, a San Diego-based partner at Independent Security Evaluators, the company that first hacked an iPhone in 2007. “The problem is that this enthusiasm is really overshadowing the security challenges.”

On Oct. 21, 2016, those challenges burst out of the shadows. Three times that day, hackers launched attacks against Dyn, a company that reads the URL you type in a web browser and directs you to a webpage — a kind of digital phone book. The onslaught persisted for six hours, blocking or slowing access to dozens of prominent websites. This type of event is known as a distributed denial-of-service (DDoS) attack, which means so many devices sent simultaneous requests that Dyn’s system was overwhelmed and broke down. It was the largest attack of its kind in history, but it won’t be the last.

Turns out, IoT played an important role in the Dyn hack. In the aftermath of the hack, security experts determined that the attackers had hijacked tens of thousands of connected household devices, including surveillance cameras, routers and DVRs, directing them to connect to Dyn at the same time. The owners likely had no idea their gadgets were causing the widespread internet slowdown they complained about on Facebook.

The most disturbing part of the hack was its simplicity. The attackers didn’t need coding chops or Hollywood movie-level hacker prowess. Instead, they commandeered devices just by logging in — using the default username and password provided by the manufacturer, which the owners had never bothered to change.

Worse, unsecured IoT devices could lead to personal breaches of security. If someone hacked that connected garage door opener, they could gain access not just to a house itself, but it’s home network as well. In our feature story “Think Like a Hacker” published the October issue of Discover, we explore the darker side of the connected home and why, more than ever, we need good-guy hackers to expose security flaws in these systems to make them safer. But have you taken simple steps to secure your home network? Take this survey to see if you’re on track.

Create your survey with SurveyMonkey

CATEGORIZED UNDER: Technology, top posts
MORE ABOUT: weapons & security
  • Uncle Al

    even smart sex toys
    “Not tonight, I have a ground loop”:

  • CarolAST

    “You’re taking precautions, but you might want to consider a few more tips to increase your home security.”

    Oh really. All I have is one cheap “smart” phone that isn’t really very smart, which is connected to my DSL gateway instead of phone service. Main purpose: listening to a favorite distant radio station when there’s a thunderstorm. So cut me some slack!

    Also, that two-factor authentication they award 5 points for is itself a security risk.

  • Octagon7788

    Yes I can take precautions but my security is also tied to all the companies and agencies out there that have my information and there level of security as well as the third party vendors they share my information with.

    • OWilson

      I’m involved in IT a bit myself but I can tell you that if you sign in to Google, use their Gmail and sync your contacts and calendars accross all your devices, it is very difficult to erase browsing history.

      You can’t just go up to the settings and click on “delete browsing history” an “clear cache, cookies” etc.

      That will not work accross all devices on my phone, home PC and office workstation. My recent searches always show up in the search box. There is some advanced level stuff to do involving signing in and out of your account!

      This coud be embarrasing for some, so be warned!

      Every time they throw a privacy statement at you read it carefully, because they are seriously changing the rule as they go.

      If you have privacy using their products, they can’t make money!

  • jonathanpulliam

    In some states in the U.S., one’s spouse or family member cannot be compelled to testify against one in a court of law, but we’ve already slipped down the “slippery slope” to the point where we let our gadgets rat us out.
    Witness the chips in our cars that record all the ODBII data for posterity.

  • Alan Hubbard

    I just cannot see that much value in a fridge that tells you when you are low on milk. Now, one that buys more when you are low……..

    • jonathanpulliam

      “All your H-Bars are belong to us!”

  • Not_that_anyone_cares, but…

    Safe from what?


  • Colin Campbell

    How many points for having an iot firewall? And I’m configured that any new device that tries to connect to my wifi results in me getting a text message to either deny or allow the device to connect.

  • emmanuelozon

    I install this crap for a living.

    How many smart devices do I own? One; a “smart” phone. Actually I bought a 41 megapixel camera that was attached to a smart phone. I use the camera and the phone, but no internet on the phone.

    How many wireless devices do I own? Zero.

    My home network is hardwired. I have no wifi passwords because I have no wifi.

    I have no internet connected devices except for my computer. The modem is disconnected from electricity when not in use.

    As I stated in the beginning of this rant I install this crap for a living; I will have none of it in my house.

    There is zero security in IoT devices. I won’t even speak if I am in a house that has Alexa in it.

  • Derullandei

    What an asinine survey. A piece of tape over the web cam is your idea of security? Srsly? Hiding the SSID? Get out of here. If you “obsess over your home/network security” yet this is your idea of security, then you’re an idiot, plain and simple.


Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!


Briefing you on the must-know news and trending topics in science and technology today.

See More

Collapse bottom bar