A range of consumer devices such as baby monitors, home security and web cameras, doorbells, and thermostats have been found highly vulnerable to hacking, according to cybersecurity researchers at the Ben-Gurion University of the Negev.
The researchers said that taking over the devices was no challenge at all.
“It is truly frightening how easily a criminal or voyeur can take over these devices,” Dr. Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering, told The Times of Israel in a report on Tuesday.
“Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products,” said Oren.
“It only took 30 minutes to find passwords for most of the devices and some of them were found merely through a Google search of the brand,” said Omer Shwartz, a PhD student and member of Oren’s lab, in a statement released on Tuesday.
“Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.”
The BGU team identified several vulnerabilities: similar products under different brands share the same default passwords; consumers and businesses rarely change device passwords after purchasing them, exposing themselves to operating devices that are infected with malicious code for years.
They recommended that manufacturers stop using passwords that can easily be bypassed, disable remote access capabilities, and make it harder to get information from shared ports.
“It seems getting IoT products to market at an attractive price is often more important than securing them properly,” said Shwartz.
There are an estimated 8.4 billion connected devices used globally, projected to reach 20.4 billion by 2020.