A couple discovered that their Nest security system was hacked after their thermostat was repeatedly set to high temperatures despite being adjusted and the hacker started talking to them via the camera. According to the report, the attacker still had access to their smart home devices even after changing their Wi-Fi password, and the disturbances only stopped when they had their network ID changed. In a statement, Google stated that Nest was not breached and the incident may have likely been a result of using compromised passwords. The company also advised users to sign up for additional security verifications to “eliminate this type of security risk.”
Consumers and industries are still discovering where the internet of things (IoT) technologies can support productivity, augment services, and offer convenience. Manufacturers and vendors are riding the wave of demand for these devices, and the breadth of available applications further emphasizes the importance security performs in protecting its users and critical infrastructures.
Trend Micro recently published a research paper on how the cybercriminal underground monetizes data and network intrusions via these IoT devices. Meanwhile, the midyear security report lists IoT attacks as one of the surfaces that cybercriminals use — and will likely continue using — to compromise user and enterprise systems, either for inbound attacks or for attacking other networks as part of a larger botnet.
Looking through another perspective, an increase in temperature in the house or in one of the hacked devices could have caused a fire in the home. Cyberattacks like these can have real world implications, such as loss of property or even life. Users are advised to ensure their devices’ security and detection against unauthorized intrusions as attackers find more ways to compromise systems. Here are a few best practices:
Regularly change your network’s access credentials, and use stronger passwords
Practice password hygiene: Do not use the same password for multiple online accounts
Enable multiple authentication and verification features for devices or online accounts that support the feature
Install a multilayered protection system that detects and blocks malicious websites, URLs, emails, and intrusions from the gateway to the endpoint