Business, Features, Security

Your smart home devices are a prime target for cyberattacks

Robin-Leigh Chetty

6th October 2023

Home is where the heart is. It is also where cybercriminals are, as people working from home became an attractive target for cyberattacks during and post-pandemic. The household continues to be a cyber battlefield, and now attacks on smart home devices are on the rise in South Africa.

This is but one of the insights that cybersecurity specialists Trend Micro shared during its latest Mid-Year Cybersecurity Threat Report that it unpacked for local media media this week.

We were in attendance at said unpacking, and the numbers are a real cause for concern.

According to Trend Micro, smart home networks (SHN) have gained significant traction in South Africa over the past few years as an attack vector for bad actors. In fact, during the first half of 2023, Trend Micro says it detected more than one and a half million inbound SHN attacks in South Africa.

When asked about what types of smart home devices cybercriminals are targeting, routers were named as the main port of entry. While most routers sold by ISPs today have some sort of security built-in, it may not always be enabled or properly configured, Trend Micro told us.

“The main one is the WiFi router. As it’s connected to the internet, that’s the one that hackers can see and start hammering from the outside in terms of brute force attacks trying to authenticate to it. That’s sort of your first line of defence in terms of what you have on that router,” explained Russel Young, cloud solutions architect at Trend Micro South Africa.

“That’s kind of the top billing for hackers. From there they can move to other devices on your home network. So that [router] needs to be your first line, and then anything that’s connected to the router has some sort of security protection to it as well,” he emphasised.

As for other smart home devices, when posited with something a little more obscure like robot vacuum cleaners, it turns out that these too pose a vulnerability, particularly as they often connect to your home WiFi in order to operate, as well as featuring a camera onboard much like a smart IP camera or household security camera does.

“If it’s connected to the internet, and it’s vulnerable because you have not done any system patches that you’ve been supplied with, it is definitely a target. A few years ago baby monitors was a huge instance where they were hacked as well and from there hackers could monitor the whole house,” warned Young.

“When people install cameras in their home, they usually use admin/admin as the username and password. There are websites available where you can use admin/admin to log into someone else’s camera,” Zaheer Ebrahim, solutions architect for MEA at Trend Micro highlighted.

“That’s not the only use for the hack though. They can be used to create a bot army, so all smart home cameras with the default username and password of admin/admin, are used as part of a bot army and target other customers. If you have a million cameras with this same admin/admin vulnerability, they can be a part of this bot army and used to attack a bank within the environment,” he illustrated.

As a good port of call then, Trend Micro advises South Africans to ensure that there is some multi-layered security enabled on their smart home network, as well as the smart home devices that are used within the household, particularly as these inbound attacks show no signs of lessening in the coming months and years.

To check out the Trend Micro Mid-Year Report for yourself, head here.

[Image – Photo by charlesdeluvio on Unsplash]

About Author

Robin-Leigh Chetty

Editor of Hypertext. Covers smartphones, IoT, 5G, cloud computing and a few things in between. Also a keen photographer and dabbles in console games when not taking the hatchet to stories.