Smart devices put homes, offices at risk: report

That 65-inch smart TV in your home can be more dangerous than you think.

That’s according to a joint report from Bitdefender and Netgear, which found that the average smart home receives at least 29 attacks per day via connected devices. Streaming devices and TVs were the most vulnerable connected devices, accounting for 25.9% and 21.3% respectively of exposed devices examined by the two security companies. The report is based on threat intelligence from 6.1 million smart homes in the US, Australia, and Europe collected between January and October this year. The average smart home has 22 connected devices, according to the report.

Sneak attack. High port scanning attacks, which occur when cybercriminals send packets to ports to determine server vulnerabilities, were the most common type of attack in the report’s analysis of 13 billion security events. Bogdan Botezatu, senior director of threat research and reporting at Bitdefender, told IT Brew that these attacks are used to determine what device they can target and how it could be compromised.

“They will be able to identify devices this way, and they will be able to identify vulnerable services running on these devices,” Botezatu said. “If they want to exploit the device, they first need to understand what they’re dealing with.”

Smart devices in the office. Botezatu told IT Brew that smart consumer devices have been finding their way into enterprises, but not all companies will have the manpower or the knowledge to know how to securely connect, for example, the new smart fridge in their office.

“They will hook the fridge up to the first network that they own and they will not even consider the fact that that is improper behavior,” he said.

As a result, seemingly innocuous gadgets—smart plant pots, smart TVs, and more—have the potential to expose corporate networks if a vulnerability is exploited, he said.

“They’re nice until somebody stumbles upon a vulnerability, and all of a sudden, they pivot to the corporate network through a small plant pot,” Botezatu said, adding that the predicament isn’t as outlandish as it sounds. In 2017, an unnamed North American casino was hacked after malicious actors exploited a vulnerability in a smart thermometer in a fish tank located in its lobby.

How to keep smart offices safe. Nate Swanner, a program manager, longtime tech journalist, and iOS developer, said companies should “minimize” their use of connected devices by not connecting them to corporate networks.

“Nobody really needs to send their preferred coffee to their Keurig from their desk,” Swanner said. “Get up and walk 20 feet.”

He added that companies should do their research on smart devices prior to buying to ensure they are meeting security requirements.

“Look up if there’s been exploits…There’s plenty of documentation on all these platforms,” Swanner said, adding that companies typically have a developer advocate who can address any concerns.