Skip to Main Content
Illustration of smart home devices in a kitchen

These are the two most hacked devices in smart homes

The internet of things (IoT) is growing exponentially, as more and more devices are connected to the internet. On a global level, there are already more connected devices than people, and the number of IoT devices is expected to reach 41.6 billion by 2025, according to IDC estimates provided by ZDnet. While manufacturingautomotive, and health are the main industries driving IoT growth, “smart” consumer electronics are also making their way into our lives and our homes. 

Smart homes, or connected homes, are equipped with Wi-Fi-enabled entertainment systems, home appliances, security devices, and other devices connected to the internet. In the United States, there are approximately 42.2 million smart homes. According to Statista, the market size of connected homes is growing at approximately 12% per year and the penetration rate of smart home tech in U.S. homes is expected to reach 53.5% by 2023, up from 33.2% currently.

 

Smart home trends

 

The Consumers Electronics Show (CES), one of the largest global tech events, took place online this year. While the COVID-19 pandemic prevented companies from interacting directly with consumers and tech enthusiasts, it also accelerated tech development. Companies raced to pivot and cover new areas, developing disinfecting robots, air filtration systems, smart masks, and improving highly demanded products. As people spend more time at home, home entertainment systems, smart TVs, appliances, and other devices designed for home use got various upgrades. From integrating UV light sanitizers into home appliances to smart faucets that can be turned on with voice commands and desk chairs with integrated heating, almost all products at CES 2021 tried to address the challenges posed by the COVID-19 pandemic.

While smart TVs got a lot of attention in previous years, this year they stole the show. TV sales have risen during the pandemic and manufacturers are diversifying their product offering. TCL announced its next 6-series QLED TVs with 8k resolution, Sony announced its A90J OLED TV series powered by its new Cognitive Processor XR that uses AI and machine learning to improve image and sound quality, and Samsung unveiled its new line of QLED TVs, called Neo, also powered by a powerful AI-enabled processor.

The new tech behind the next generation of smart home devices is impressive, but we have to remember that new tech also brings new challenges and potential cybersecurity risks. As a general rule, any device that can connect to the internet can be hacked, even a coffee machine“If you connect it, protect it!” has become a motto of cybersecurity experts worldwide who try to raise awareness over the cyberthreats lurking in our homes. What are the main cyberthreats and which smart home devices are affected?

 

Cyberthreats affecting smart TVs

 

Like any Wi-Fi connected device, smart TVs can be hacked. Smart TVs have integrated browsers and this is a gateway for malware typically spread online, as well as social engineering attacksIn 2016, LG Android TVs were affected by a version of the Cyber.Police (FLocker) ransomware. In 2018, the worm ADB.Miner targeted Android-based smart TVs and hijacked them with the goal of mining cryptocurrency for hackers. Users who download software from unofficial sources expose themselves to even more risks. Furthermore, the integrated camera and microphone can be hijacked and used by cybercriminals to spy on users. 

The threat landscape has become so complex that even the FBI warned smart TV users of cyberthreats targeting these devices. To secure your smart TV, make sure you install the latest firmware updates, as they usually include security patches, and download apps only from official sources. To avoid tracking, disable the camera when it’s not in use or simply cover it with tape.

 

Cyberthreats affecting smart home speakers

 

Smart home speakers such as Amazon Echo or Google Home pose numerous security and privacy risks. From security vulnerabilities exploiting the Bluetooth connection, such as BlueBorne, to malware integrated in apps, cybercriminals can exploit the vulnerabilities in communication protocols, in web interfaces and apps, or firmware.

Check Point researchers managed to hack Amazon Alexa, the AI powering Amazon’s wide range of smart home speakers. By sending a malicious link to a target user, researchers managed to access all personal information on the device, including banking data, extract the voice search history, and make changes to the skills (apps) on the device. This was possible by exploiting vulnerabilities in certain Amazon/Alexa subdomains that were prone to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross Site Scripting (XSS).

 

Please accept personalization cookies to watch this video.

 

When it comes to privacy, smart home speakers have sparked a lot of debates. AI assistants are very good listeners, ready to respond to your requests all the time. Although they are usually activated by a wake-up word, they are often activated accidentally by users. They always gather data to improve their predictions, and this data is stored in the cloud. With the default privacy settings, the recordings of your voice commands and search queries can be used to improve the service, mostly for improving the voice recognition AI, sometimes with the help of human reviewers. The data is can also be used to build a more complete user profile to deliver personalized ads. If you are concerned about privacy and do not wish to be targeted with personalized ads, you have to opt-out of data sharing.

But the biggest concern is that smart home assistants receive and store data from all other smart home devices. Starting with 2019, Amazon and Google are requiring status-change updates from all devices controlled via their digital voice assistants. For example, when you turn on your smart light bulbs, your smart home assistant will be notified of the change. If a pattern is detected, your smart home assistant might ask you if you wish to turn on the light at the time when you usually take this action. This functionality, promoted by Amazon under the name of Alexa Hunches, is meant to provide increased convenience. However, convenience may put our privacy at risk. Before requiring a continuous stream of data from connected devices, smart home assistants were supposed to first ping the connected device and check its status, and only then send the command. For privacy-minded individuals, as well as smart home device manufacturers, the latter course of action is less intrusive.

 

 

Smart home devices undoubtedly have many benefits, and it’s up to users to make sure they take the necessary steps to secure their devices and protect their privacy. Avira offers the tools you need to take control of your digital life. Avira Home Guard helps you secure your smart home network and Avira Free Security protects you against all types of malware. With a powerful ally like Avira, you can enjoy the benefits of smart home devices without compromising your security and privacy.

Avira logo

Secure your devices with Avira Free Security