Researchers at Israel’s Ben-Gurion University have revealed that off-the-shelf smart devices like baby monitors, air conditioners, robot floor cleaners, cameras and doorbells can be corrupted by malware and used to spy on users.
In a paper appearing in Smart Card Research and Advanced Applications, Yossi Oren of Ben-Gurion University’s software and information systems engineering department revealed that almost any nonstandard computing device that can connect to a wireless network can be used to transmit data.
Oren, a senior lecturer, noted that many web-connected devices “lack even basic security protections such as secure password authentication,” and that thousands of “Internet of Things” devices are infected with malware, with many more left vulnerable.
The researchers conducted a test in which they were able to reverse-engineer several home devices using low-cost methods, uncovering serious security issues.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Oren. “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.”
The BGU researchers discovered that the same default passwords are used for similar products sold under different brands, and that consumers and businesses rarely change them after purchase.
The paper urged consumers not to buy used devices that could already have malware installed and to change passwords after purchase.