Home is where the ‘smart’ is. A recent study revealed the average American household has 25 connected or Internet of Things (IoT) devices. The number of consumers who have smart home devices connected to their home internet has grown by 38% since the pandemic began. The findings don’t surprise Brad Ree, the chief technology officer (CTO) of Internet of Things solutions at the ioXt Alliance. Nor do they surprise Adam Laurie, IBM Security X-Force Red’s lead hardware hacker. Ree has more than 80 connected devices in his home. Laurie recently found five connected or IoT devices that he didn’t know existed inside his home. Even more, when he looked at the firewall rules on his internet service provider’s router, the universal plug and play (UPnP) was switched on, adding firewall rules for smart devices in his home unbeknownst to him.
In addition, with the pandemic nearing the rearview window, employees are starting to travel again. This increase also means vacation rental home bookings are up. One vacation home company notes that by the end of March 2021, 90% of its homes in New Jersey and Cape Cod were booked for July. Another company revealed the booking lead time for summer stays at its rental properties is 147 days this year.
Internet of Things Security in Vacation Homes
While renting a vacation home can provide more space for less money, it can also create more attacker opportunities. For example, Ree shared a story about a recent family vacation. He, his wife and kids stayed in a vacation rental home from where he worked for a week. Being the security savvy CTO that he is, the minute he entered the home, Ree performed a port scan to see if anyone else could connect to the network. To his surprise, various past visitors had added multiple firewall rules to the home network. Any one of the rules could have enabled the visitors to remain connected, even remotely. The access also meant if the visitors had malicious intentions, they could compromise Ree’s laptop and potentially his employer’s network.
“You are staying in an open environment,” says Ree. “Don’t assume it is your house. In a vacation rental home, an attacker…