Poorly protected internet protocol television devices, better known as 'dodgy boxes', can open the door of your home to cybercriminals. Photograph: iStock

Smart home devices and so-called “dodgy boxes” that can connect to the Internet are at risk of being hijacked and used to facilitate large cyberattacks, a new report warns.

By tapping into unsecured devices commonly found in Irish homes, hackers can potentially spy on occupants and expose them to more targeted – and as a result, more convincing – scams, Grant Thornton Ireland says.

It has issued the stark alert in the wake of what it says was the largest distributed denial of service attack ever recorded. These attacks operate by overwhelming a target with traffic from multiple compromised devices in a way that means normal users cannot access the service.

The attack, which took place late last year and targeted multiple platforms, lasted only 34 seconds and was launched by a network of infected devices known as Kimwolf, made up predominantly of compromised Android-enabled televisions and TV streaming devices.

It has prompted security researchers to warn that millions of low-cost, poorly secured devices around the world could be infected and remotely controlled by cybercriminals to cause significantly more havoc in the future.

Howard Shortt, cybersecurity partner at Grant Thornton Ireland, says the incident highlighted how cyber threats are not limited to workplace technology equipment, with individuals increasingly being targeted now.

“Many people don’t realise that a low-cost Android TV box in their sittingroom or a cheap smart light bulb can be compromised in seconds,” said Shortt. “Once attackers gain access, they can use that device as part of a botnet or quietly profile the household to support more targeted and convincing phishing attacks.”

He says hackers “typically exploit default passwords, outdated software or unpatched vulnerabilities in internet-connected devices and, once inside a home network, can observe traffic patterns and build a profile of the household”.

Shortt notes that the information gleaned from such cyber snooping can allow criminals to engineer “highly believable phishing messages”.

As an example, he says criminals accessing the content that a user has watched on a particular streaming service can then pose as a streaming provider with a prompt to review a show that has just been watched.

“At that point, the scam is no longer random and much more believable,” Shortt says.

He warns that the risk extends beyond TV devices “with low-cost Internet of Things (IoT) gadgets increasingly being used in Irish households, many with minimal security”.

People should be encouraged to take a proactive approach to home cyber security, Shortt says, starting with some basic steps such as changing default passwords on all smart devices and routers, as well as only purchasing reputable brands from legitimate vendors.