Forget doors and windows, the easiest way for a crook to break into your home may be through the stainless steel refrigerator in your kitchen, or the big screen TV in the living room.
Modern appliances are increasingly connected to the Internet, and each presents a potential path for savvy hackers to enter your home virtually and steal your identity, bank and credit card information and any other personal information they can use to line their pockets and leave you in the lurch, experts warn. The problem, they say, is that the technology that makes your house smarter - allowing communication between appliances, and even remote operation of everyday devices linked to home networks - has increased faster than the security measures needed to make it safe.
"Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur.”
- David Knight, Proofpoint
“We live in houses controlled by remote interfaces and we move around in vehicles that carry our electronic lives,” said Chris Roberts of the Colorado-based One World Labs, a security intelligence firm that identifies risks before they're exploited. “It has been well documented that the ‘Internet of Things’ is being developed rapidly without appropriate considerations for all the security challenges.”
In one high-profile cyberattack that took place in late 2013 and early 2014, hackers broke into 100,000 consumer gadgets, including a refrigerator, televisions, wireless speakers and media centers, and used the appliances to release some 750,000 malicious emails. Proofpoint, a cyber security company for many of the nation’s Fortune 500 companies, documented what it deemed as the first such attack on “The Internet of Things,” a term for all the devices in a home that have a computer chip, software and Internet connection.
By 2020, Roberts estimates there will be somewhere between 26 and 30 billion devices connected to the Internet. Keeping them safe will require software upgrades and better consumer education, he said. Most tech experts agree the vast majority of consumers don’t understand where their data is stored or who has access.
"Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur,” said David Knight, general manager of Proofpoint's Information Security division, in a statement after the discovery. “Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them."
Televisions and refrigerators aren’t the only concern. Any appliance that connects to the Internet - cable box, thermostat, dishwasher, clothes dryer, coffee maker, smart water meter, toaster, oven, clock radio, garage door opener, security alarms, Insulin pumps, pacemakers, door locks, thermostat or lights - can be compromised. If they are linked to your home network, they can be a portal to your most sensitive information.
“Your nice, new oven or refrigerator can connect to the Internet, it has an IP address, and therefore it is a target,” Roberts said. “Hackers can get access to your personal information, your identity, and your intellectual property, which then can be bought, sold and traded on the Dark Net.”
The Internet of Things holds great promise for enabling control of all of the gadgets used on a daily basis, but also holds great promise for cybercriminals who can use homes' routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks, said Michael Osterman, principal analyst at Osterman Research.
Many of the products connected to the Internet are not going through the same level of testing that cell phones, computers and tablets would, said Ron Gula, CEO of Columbia, Md.,-based Tenable Network Security, one of the nation’s leading cyber and enterprise security firms.
“It seems the new generation of software programmers forgot the lessons of the past 20 years,” Gula said.
But Gula maintains exposure to hackers through appliances pose a much lesser risk than exposure through personal wireless items such as laptops, smart phones and tablets. He also noted much like security updates on phones and computers, appliances “patches” also can be pushed out without the consumers’ knowledge to fix vulnerabilities.
“Everyone is a target. The more information you can store on a name-brand ‘Cloud,’ the better off you will be,” Gula said, but added “If you are too paranoid, you will never plug into the Internet, so you have to keep a balance, and find out who is hosting your data and who has access.”
“For Americans concerned about their privacy, the NSA data grabs are daunting, but what about the data grabs happening inside your own home, perpetrated not by the government, but by your coffee machine?” Levin asked. “Consider every appliance and every piece of home electronics that you own. Does it gather data about how you use it? Does it connect to the Internet? If so, it could be used to spy on you. If those networks are hacked, information about your habits and behaviors could be available to people with nefarious goals.”
Levin suggests a national conversation about how widespread such monitoring has become and safeguards that should be put into place to ensure privacy and security in the homes of all Americans.