On Alexa, Google Home and cyber threats in home automation

Home automation solutions are becoming more and more popular. The arrival of smart assistants like Google Home and Amazon Alexa has boosted this further with increased convenience and efficiency. However, this has also raised several questions about how secure your private data is. Devices like Home and Alexa operate on voice commands, which means they have to listen to what you are saying. But what if a third party were to access these conversations? Worse, what if a third party were to control your appliances, and ergo, your home?

This has been a major cause of worry among cybersecurity professionals lately. Vladislav Iliushin, IoT Threat Researcher at Avast, pointed out that the number of connected devices is growing exponentially. According to Juniper Research, there will be 38.5 billion of these devices by 2020. Unfortunately, these devices also come with security vulnerabilities that can put their owners’ data and smart homes at risk without the owners realizing it.

“As helpful as smart speakers such as Amazon’s Alexa or Google Home are, the amount of valuable data these devices hold, coupled with their growing use, make them an attractive target for criminals,” Iliushin said. “Users often link various accounts to their smart speaker and are using the device’s default settings. This seemingly innocent action can have major consequences. Without secure logins, meaning without requiring the smart speaker to verify the action is being commanded by the actual owner of the device, the smart speaker can be abused by the hacker. Manufacturers rely on the local network being secure but once the network is compromised, it is very easy to gain control of smart devices.”

Researchers have recently found a number of vulnerabilities in these smart speakers and exposed the threats they pose. Apart from traditional hacking concerns, issues like voice masquerading and voice squatting have also surfaced. Some reports suggest that disabling Alexa’s feature to send voice files and enabling two-factor authentication could secure the devices. Obviously, keeping up with security updates is crucial.

From assistants to smart TVs

Incidentally, it is not just smart assistants that can be a security threat. Any smart device can be a potential risk. Fears of smart TVs being hacked, for instance, are widespread. And according to Iliushin, these are legitimate concerns.

“There already have been cases of infecting Android TVs with ransomware which was originally designed for smartphones,” Iliushin said. “With the rise of the Internet of Things (IoT), we see an increase in attacks on smart home devices. It is easy for anyone - including cybercriminals - to scan IP addresses and ports over the Internet and classify what device is on each IP address. Hackers can also find out the type of device (webcam, printer, smart kettle, fridge, and so on), brand, model, and the version of software it is running and compare this to publicly available lists of vulnerable devices to know which of the devices are insecure.”

He added that so far, we have seen cybercriminals adding hacked devices to botnets to take down websites, and it is probably just a matter of time until we see patterns of hacked IoT devices being misused to steal money from users, for example through credit cards that are connected to a fridge or a smart TV.

“The major issue with security of smart devices, including smart TVs, is that a system is always only as secure as its weakest component,” Iliushin noted. “Any of the devices connected to the network can be an entry point for attackers, if not properly secured.”

Other cybersecurity concerns in smart homes

Currently, a trend among cybercriminals is getting inside IoT devices to later abuse them for DDoS (distributed denial of service) attacks, according to Iliushin. Attackers use DDoS attacks to make a network unavailable by overwhelming the targeted machine with massive amounts of requests sent from multiple devices. Also, with the recent VPNFilter malware which affected routers in 54 countries, we have seen MiTM (man-in-the-middle) attacks designed to inject malicious payloads into web traffic and to steal credentials from poorly encrypted sites like Baidu.

“The current approach in securing IoT devices is more ‘do it yourself’ rather than a properly architected approach – a massive gap which is creating a huge opportunity for cybercriminals,” Iliushin added. “Consumers, for example, can take basic measures to secure their smart devices, but there simply aren’t enough options available to give them full protection at the moment. Telecommunications providers and security vendors are the two players that have an important role in IoT security. By working together, they can solve the consumer’s challenge of how to easily secure their home network and devices connected to it.”

For many systems integrators in the physical security sphere, cybersecurity remains a major problem. For those working in the residential verticals, dealing with smart appliances and assistants will become increasingly common as time goes by. Knowing how to deal with the threats posed by the likes of Alexa and Home will be critical to ensuring proper home security.