How Safe is Your Smart Home? Watch How Second-hand Smart Home Technology is Compromising Your Safety

• Hackers reveal how easy it is to spy on your family through your Amazon Echo or Smart Camera.

• Internet security experts vpnMentor mobilized a team of ethical hackers to assess the safety and privacy of some of the most popular smart home devices on the market.

Smart technology has taken the world by storm. 127 million smart home units are expected to be sold in the US in 2018, with the global smart home market expected to be worth $53.45 billion by 2022. With 55% of smart device owners in the dark about how they actually work, could those who bought second-hand smart home devices be welcoming a threat to their families into their homes?

Internet security experts vpnMentor have utilized a team of ethical hackers to uncover the most hackable smart home devices including the first-generation Amazon Echo, a Samsung Smart Camera and the first-generation Ring Smart Doorbell.

vpnMentor have produced a video which shows just how you’re inviting hackers into your home, and how easy it can be for them to access your sensitive information. Disturbingly, the team were able to manipulate all of the devices tested to gain access to your home.

The team evaluated the privacy and security of some of the most popular smart home devices available today in order to assess how safe they truly are. We hired a team of expert ethical hackers to break into these devices and reveal how likely it is that a malicious actor would be able to hack these devices in order to gain access to private information, including in some cases audio and visual footage and sensitive information stored online, such as bank details.

The results were shocking. In all of the devices tested vulnerabilities were found, including critical vulnerabilities in some. For some devices tested it was found that previous vulnerabilities that manufacturers have released updates to fix can still be exploited, particularly in cases where the devices were connected to a private network (such as your home WiFi) and therefore not automatically updating. These issues are also particularly prevalent in second-hand devices.

Amazon Echo – A wiretap waiting to happen?
Their research revealed a critical vulnerability related to the first-generation Echo’s physical design. Hackers were able to open the device up and manipulate it using a specially crafted SD card. This means that malicious actors could live stream audio from its microphone, and remotely use its services.

The video showcasing this in action, as well as advice to protect yourself, is viewable here.

Smart Cameras – Peace of mind or an accessible live feed of your family?
Popular with those looking to stay close to their nearest and dearest, one of the draws of a smart camera is that the feed of your home is accessible anywhere.

Their team of hackers were able to easily access the Samsung SNH-1011 camera feed, tapping into footage remotely. The team were able to successfully complete a password reset without knowing the original password. Disturbingly, it was also possible to establish the smart camera’s IP address and gain full control over the wireless camera.

Smart Doorbells – Who are you letting in?
The Ring Smart doorbell video-calls your phone or tablet whenever someone rings, meaning you can answer the door from anywhere.
With a small physical manipulation, the first-generation doorbell can be turned into an unprotected Wi-Fi access point. If this wasn’t worrying enough, the team discovered a web address which revealed all the passwords of the users’ home Wi-Fi network, allowing access to sensitive personal data.

Keeping Cyber Criminals At Bay
With such terrifying findings, vpnMentor wants to highlight just how simple it is for your home to be targeted by malicious hackers.

However, the experts at vpnMentor have compiled a list of recommendations to protect users from becoming an easy target:

• Always research a product, and any existing security threats to it, before you buy.
• Only buy your smart gadget from an officially certified source.
• Be aware of any signs of physical intervention with the product.
• Directly address the seller if you or someone else has identified any major misconfiguration.
  Make sure your smart device is properly configured and regularly updated.
  Keep your externally facing smart devices on a separate network.

Ariel Hochstadt, co-founder of vpnMentor and former Google Marketing Manager and Head of Research at vpnMentor, commissioned the research. Ariel Hochstadt said: “If you are going to introduce smart technology into your home, it is important that you remain attentive with your devices to ensure that only those you trust have access. By following our set of simple rules you can ensure the best security practices have been met and saving you from becoming an easy target for crime.”

If you want to know exactly what our expert team of hackers found for each device, how they found it, and how you can protect yourself and your family – you can also download the full whitepaper.

For more information on cybersecurity, and how to make sure your devices are protected, you can read the full vpnMentor guide here. You can also watch their video investigation here to see how one unsuspecting family was affected after their devices were hacked.

Note: All devices mentioned were purchased and hacked by a team of ethical hackers in March-April 2018. Full details can be found in the whitepaper. Although all hacks took place in real-life, the scenes depicted in the video are a reconstruction of a scenario that would have been possible with the vulnerabilities uncovered.