Smart Home devices vulnerable to remote attacks due to weak credentials

• Smart Home devices are vulnerable to attacks due to outdated software, unpatched security flaws, and weak credentials.
• Two out of five (40.8%) smart home devices worldwide have at least one device that is vulnerable to attacks, out of which, 69.2% are vulnerable due to weak credentials.

What's the issue - Smart home devices are vulnerable to attacks

Smart Home devices such as smart TVs, security cameras, gaming consoles, baby monitors, etc are vulnerable to cyber attacks. These devices are vulnerable to attacks due to outdated software, unpatched security flaws, and weak credentials. Avast scanned more than 16 million devices worldwide and published the findings in its report.

By numbers

• Two out of five (40.3%) digital households have five or more devices connected to the internet.
• Two out of five (40.8%) smart home devices worldwide have at least one device that is vulnerable to attacks.
• Out of these, 69.2% are vulnerable due to weak credentials.
• 31.4% are vulnerable due to security flaws and vulnerabilities.
• 31% of devices are vulnerable due to outdated software.

Worth noting - Routers are the entry point to smart home devices.

Routers connect all smart home devices, therefore, a router that is vulnerable to attack poses risk to all the connected IoT devices.

• 59.7% of routers are either vulnerable due to security bugs or weak credentials.
• 59.1% of users have never logged in to their router or have never updated its firmware.

“Routers have proven to be simple and fertile targets for a growing wave of attacks. While many attacks against routers use variants based on the Mirai codebase (which was released by the creator shortly after the successful attacks of September 2016), many are far more complex and point to a murky future for home network security,” Avast stated in its report.

“Not only did we see an increase in router-based malware in 2018, but also changes in the characteristics of those attacks. Where router-based malware has traditionally taken over a device for the purposes of carrying out a DDoS attack, such as the Mirai attacks, today’s attacks use malware to infect a device and open up a line of communication to a C&C (command and control) server,” Avast added.

The bottom line - Smart home devices need enhanced protection.

• Since smart home devices are vulnerable to attacks due to weak credentials, unpatched vulnerabilities, or outdated software, consumers need to be educated on best practices.
• Consumers must periodically rotate their router passwords and must set their passwords to unique, complex, and strong passwords.
• They must regularly update their firmware and must ensure that their firmware is up-to-date.