null

Household technology from televisions to doorbell security systems make our lives easier but also provide opportunities for hackers to infiltrate your home network. In one week a home with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks1 from around the world.

Keeping your home secure from cyber risk is critical. Essentially any device that relies on an internet connection could be vulnerable. In some cases this is because the manufacturer has failed to put adequate cybersecurity safeguards in place due to cost or expediency considerations.

Another reason is the widespread availability of simple scanning tools with the ability to quickly provide intelligence about targeted devices or networks. Cyber criminals use these to observe and/or steal data.

How do home tech and connected devices pose risk of hacker access?

A common entry point for hackers to gain access to devices and systems is via port scanning. A port is a point on a computer where information exchange takes place between programs, the internet and computers or devices.

Port scanning enables hackers to identify weaknesses or openings in a network that can be used to gain access by revealing:

  • the services that are running
  • the users who own the services
  • which networks or services require authentication
  • if anonymous logins are allowed.

Hackers can also use scanning to access the internet protocol (IP) addresses and hostnames of devices connected to the network. This helps them to:

  • 'map' the network
  • determine which operating system and software are running
  • discover potential vulnerabilities
  • identify user account information such as user names and passwords.

Key areas of security vulnerabilities in home smart devices

Some commonly used smart devices have inherent weaknesses that can be exploited by hackers.

  • Wi-Fi router: Most home routers are usually supplied by your internet service provider (ISP). What's important to understand is that they also function as wireless access points, with hidden functions that can allow your ISP to access connected devices.
  • Smart TV: Without encryption your smart TV could be used to intercept onscreen payments, access files and discover other vulnerabilities.
  • Voice-activated home automation device: If such a device is compromised by hackers they can issue their own voice commands or steal voice data to use as credentials for other voice command-controlled systems.
  • Smart lock: If a smart lock on a door is compromised hackers could gain control over who comes in or out of the house, either letting intruders in or keeping legitimate residents out.
  • Storage devices: Network-attached storage devices typically have weak default passwords. Once attackers gain access they could inject malware to infect other devices.

In a connected smart home environment if one device is compromised by hackers it can provide access to all your other devices — and data — on the same network.

If you work for a business that has adopted a work from home or hybrid model this can present a security issue for your employer. If one of your personal devices gets hacked and other devices connected to the same network are compromised that can include the company laptop if it doesn't have adequate security controls.

What security guidelines are there for home device owners?

In 2020 the Federal Government released a voluntary Code of Practice as a step towards addressing the security of smart devices in Australia, containing 13 principles covering government expectations of the manufacturers of smart products.

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) also developed a complementary Internet of Things guide to help home users and small and medium businesses buy, use and dispose of smart devices securely.

More recently the Department of Home Affairs and the Australian Signals Directorate announced calls for submission for the development of a regulatory Code of Practice, resulting in a summary of the public consultation. Further action to secure smart devices remains under governmental consideration.

How can you prevent your devices from being hacked?

While regulatory measures under development will take time to directly benefit consumers there are key actions you can take to protect your home network and data security.

  1. Change default passwords: A weak default password is one of the easiest ways for hackers to access a device so always change any password that comes with the product you buy, and change the default or weak passwords of products you already own. This can help to avoid a brute force attack (a hacking method that uses trial and error to guess login details).
  2. Change device settings: Make sure that the settings on each device provide strong security, and change the settings if this is not the case. Use multi-factor authentication (user name and password) wherever it's available.
  3. Run updates: Always install any security updates for a product or app so you benefit from the most recent protections.
  4. Encrypt files: Consider encrypting important folders and files stored on your private network to restrict access to only those with the password/key. Once encryption is set up, even if your security software fails, a hacker would find it almost impossible to exploit encrypted data.

How Gallagher can help

A takeaway is that every connected device can be used as a stepping stone to others in a cyber attack. While you can't prevent scanning by hackers, it is possible to minimise the attack opportunities and reduce your chances of being hacked by adopting a proactive approach to cybersecurity. This is just as important in the home as it is in the workplace — especially if the two cross over.

In addition to cyber insurance protection and advice Gallagher offers expertise, advice and resources for building resilience to cyber security incidents.

connect with us


Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312