When the FBI warned that hackers can use the smart gadgets you have at home “to do a virtual drive-by of your digital life,” it was smart connected gadgets they had in mind. This week’s report into a vulnerability in cheap smart plugs available on Amazon can be added to recent warnings about kitchen gadgets and security cameras.
But there was also a much more worrying story this week. Reports suggested that a home internet router had been remotely attacked, exploiting its factory-set password to hijack an IP address to mask “illicit” activity. In my view, the specific attack alleged in these reports is implausible, but I agree that a router in such a default state is a very serious risk.
“I don’t think people even understand what a router does,” warns ESET cyber guru Jake Moore. “Most people don’t want to change the password, let alone go into the settings on the router. Many people don’t even realize there are two passwords.”
And so, the highlighting of this issue this week is critical. Treat your router like your internet “mothership,” Moore says. “Lots of people haven’t changed their ISP for years, and so they’ll have an old router, possibly six, even ten years old.” And that means that the security on the device itself is likely lacking, and you probably haven’t been into the settings, updated the firmware or changed the password for years—if ever.
Routers are computers, air traffic control systems for all the connections in your house. And while your WiFi SSID and password enable someone to join your network, that person needs to be nearby. Clearly, the router itself can be compromised remotely.
I have commented before on broader IoT security—give some thought to the number of devices you connect to your home internet. Remember, each device is a bridge between your home and the outside world. Think that through.
For those you do connect—including computers, phones, tablets, smart toys, kitchen gadgets, appliances, TVs and the rest—change all default passwords, and make each one unique; use a password manager or write them down. Update the firmware and enable auto-updates if…