GOSHEN COUNTY – We’ve all seen the commercials: A husband is driving on a rainy night when, from his car, he connects via cellular network to one of the latest generations of virtual assistants, telling it to increase the thermostat setting and turn on the lights for his wife, who arrives moments later to a warm, cozy, well-lit home.
They’re advertised to make life easier, hooked in for everything from the above scenario to starting the evening meal, washing clothes and even telling you when it’s time to stop at the grocery store on the way home to pick up bread, milk and eggs. These devices are becoming more ubiquitous, promising to streamline busy lives by putting mundane, every-day chores as close as the tip of a finger on a smart-phone screen.
But, as easy as these so-called “smart” assistants are to use, they could be a way into devices connected to a home network for nefarious people who have less than your best interest at heart.
An internet search on “smart appliance hack” reveals a host of reports of families around the world who incorporate the devices into their homes, only to fall victim to hackers who spy on their living rooms via internet-enabled smart televisions or come home only to find bad actors have turned off their security system by connecting through their stove or refrigerator. An October 2017 story on NBCNews.com reported on a vulnerability in one company’s smart devices that could allow hackers to control everything from kitchen appliances to robotic vacuum cleaners, causing what are billed as home conveniences to trail their owners from room to room.
In a worse-case scenario, those vulnerabilities could yield access to sensitive data, including medical records, banking information and more, stored on a home computer, the researchers said.
And a 2018 study by Adwait Nadkarni and Denys Poshyvanyk, computer scientists at William and Mary University in Williamsburg, Va., found vulnerabilities in the networks and software that drives these devices that actually made burglarizing a home a matter of a few clicks.
“Millions of dollars have been put into devices like security cameras and door locks to make them impenetrable, but people haven’t paid the same attention to low-integrity devices such as light switches,” Nadkarni was quoted in a December 2018 story on the William and Mary website. “You don’t think of your light switch and go, ‘Oh, this is a security-sensitive device.’”
But that’s just what these smart devices can be, said Cody McGrew, network systems administrator at Eastern Wyoming College in Torrington. They can connect to everything through advances in “smart home” technology, but can also open the door to the wider virtual world.
“Anything that’s in your house that pertains to a network is going to be vulnerable, when you don’t have a security network set-up,” McGrew said. “A lot of people are starting to use (virtual assistants) – those are very popular.
“They process requests internally, but they’re also sending commands to an outside network,” he said. “That’s where your problem lies – you’re talking to a machine, telling it to do something, but it has to go to a server outside your house” to interpret and complete those requests.
The William and Mary study looked at some of those “low-integrity” devices and how they could be used to access high-priority systems, including burglar alarms and security cameras. Anyone with a moderate grasp of technological systems, some readily-available equipment and an evil turn of mind can take advantage of vulnerabilities in the system to override that in-home security, the study found.
The most vulnerable, “low-integrity” devices – things people wouldn’t usually think of as posing a security risk – can range from smart locks and light bulbs equipped with computer chips that allow you to control color and brightness from a smart-phone app to large kitchen appliances and entire home air conditioning and heating systems.
“I haven’t hooked up any of these types of appliances in my house yet,” said Eric Fogle from Leithead’s Appliance Center in Torrington, which carries a handful of the “smart” appliances on its showroom floor, appliances which haven’t really caught on around the Goshen County area yet.
“We’re pretty much a retirement community,” Fogle said. “The majority of our clients are in their 50s to 70s, so most people are not wanting to see or not really interested in the new technology.
“The people who come to our store look for reliable appliances they can trust,” he said. “All appliances are starting to move into more electronics, which is something a lot of our customers would like to avoid.”
Fogle said most of the appliances they carry – a washer-dryer set, a dishwasher and a stove, currently – connect either by Bluetooth or Wi-Fi technology to allow a smartphone to control how, and when, they work. And there are some built-in security measures for individual appliances – it typically requires a password to connect the appliances to the apps, for example, he said.
As an added level of security, just like with websites and other password-protected aspects of everyday life, it’s important to select strong passwords people with nefarious intent can’t easily puzzle out, Fogle said.
It’s also possible to secure a general home Wi-Fi network – the in-home hub virtual assistants use to reach out into the world and find us the answers we need – with a little extra technology and software, McGrew said. Putting additional layers of security between the World Wide Web and the home network with additional equipment and firewall software can go a long way toward increasing security, he said.
“You can set it up so only certain (computer) addresses can connect to it,” McGrew said. “That way, you can essentially hide the (wireless) signal. It wouldn’t be seen by other people searching for open networks.”
Individuals with a general knowledge of computers and technology could set up those security measures themselves, he said. For the rest of us, it would mean bringing someone who’s tech-savvy into the home to check the level of security protection and upgrade it as needed.
Common sense can be as important a security measure as added technology, McGrew said. He tells the tale of receiving a telephone call from someone who presents themselves as a representative of the company that produced their computer operating system or the internet service provider. The individual says a virus has been discovered in the hapless victim’s system and they need to access the home computer remotely.
Compliance essentially throws wide the doors for the caller to install any software they want – typically none of which is in the victim’s best interest, McGrew said.
“That’s the biggest problem we see – people hit a rogue website, they get told to call a number and they think they’re talking to Microsoft,” he said. “But it’s not – it’s somebody wanting to get on your computer, lock your stuff down, just to make money.
“The thing is, a lot of people are, ‘it’s never going to happen here,’” McGrew said. “It’s not a question of if it’s going to happen, it’s when it’s going to happen. People seek out that vulnerability because it’s easy prey.”