Smart home devices — including doorbell security cameras, smart assistants and even your smart fridge — have been discovered to have multiple security vulnerabilities.
These vulnerabilities can lead to leaked Wi-Fi passwords and Gmail logins, and further compromise other devices on the same network. Apartment complexes using smart home hubs — electronic keys — instead of traditional locks found that security weaknesses allowed users on the same Wi-Fi network to open any door in the complex.
Most recently, on Nov. 7, Amazon’s Ring doorbells were found to reveal users’ Wi-Fi passwords because of an unencrypted connection.
While many of these vulnerabilities are fixed before being revealed to the public, concerns about exploitability still remain.
Smart fridges, an increasingly popular phenomenon, have had issues with Secure Sockets Layer (SSL) validation, which is used to encrypt a network connection. When this network connection is not encrypted, a malicious user could access the network the refrigerator was hosted on, allowing them to gain access to users’ Gmail login information, or other passwords on the device. Worse, their early software update policies were nonexistent. Users didn’t know when their device would be updated, or what security holes were getting patched.
Any device connected to a home network becomes an immediate security risk. A fridge or a doorbell can be used to compromise an entire home, and all of the devices within it. While losing a Netflix account or a grocery list may not be a big deal in the long run, the long-term implications of losing confidential documents or suffering a DDoS attack can be much greater.
A Distributed Denial of Service attack (DDoS) is an attempt to completely overload a server or network using multiple devices. After compromising one device, like a smart fridge or doorbell security camera, a hacker uses that device to infect others and create a network of “zombie” devices, focused on sending requests to a server or network. This causes the network to lose regular function, restricting network function for normal users.
The more devices you have, the more vulnerable you leave yourself to this kind of attack. Once your work laptop or your smartphone are infected, it can travel with you on your mobile devices and compromise the security of your work network, leaving your workplace vulnerable to a complete network crash and ultimately, financial loss.
In a competitive market, technology companies are racing to get ahead of each other with the next big thing. Rushed software rollout causes unavoidable vulnerabilities in smart home devices: vulnerabilities that are still being discovered.
Until more strict regulations are put into place to protect against security issues, these problems will continue to appear. Often, they will not be disclosed until after the fact.
For now, avoid putting Alexa on your Christmas list, and get a grocery list app if you hate keeping it on paper. If you want front door security, install a traditional security camera. And if you just want to see who’s at the door, use the peephole.