Smart Devices: Hacked by a fridge?

“What are they going to do, steal a banana from my fridge?”
That’s what my uncle said when I told him even smart fridges can be hacked. But here’s the thing, it’s not your fridge, or your bananas that they’re interested in. It’s your network.

What is a Smart Device? And why should I care?

Smart devices, also called Internet of Things (IoT) devices, are everyday objects that connect with the internet. This can include a whole range of devices, such as:

• Fridges
• Smart Televisions
• Speakers, lightbulbs, plugs
• Doorbells, security cameras, baby monitors
• Robot vacuums

They’re often overlooked because they don’t appear to be a computer… but in essence, they’re a minicomputer.

Can it really get hacked?

Of course. Many smart devices run on software that needs updating, just like your phone or laptop needs updating. But unlike your phone, most people forget their fridge, doorbell or baby monitor. Attackers don't guess randomly, they use automated tools that scan the internet looking for devices running known vulnerable software.

If a malicious person compromised your fridge, robot vacuum or smart TV, they aren’t interested in changing your fridge temperature, they’re interested in the network it’s connected to, which probably also has your phone, laptop and maybe even work laptop hooked up to the same network. From there, they might be able to steal your saved passwords, spy through cameras or microphones, or use the device as part of a much larger cyberattack. You might never even notice.

It’s like breaking into a house through the cat flap. It's small, ignored, and insecure in that it doesn't lock. But once the burglars are in, they're in.

Real-World Examples

In 2016, a piece of malware called Mirai infected thousands of smart devices, including baby monitors and cameras and turned them into a massive botnet. A botnet is (usually a very large) network of hacked devices that attackers control remotely without the owners knowing.

The devices were then used to launch a Distributed Denial of Service (DDoS) attack to overwhelm and take down major websites including CNN, Twitter, Netflix and Reddit. It all started with small, poorly secured devices that nobody thought twice about and it resulted in one of the largest DDoS attacks ever.

Hackable Pacemakers

In 2017, the FDA discovered a critical vulnerability in certain pacemakers. These devices had a wireless transmitter used to send health data to doctors with the idea that they would provide remote monitoring.

But it was found that a malicious person could remotely access the pacemaker, drain the battery, and interfere with the pacemaker. Sounds like a scene from a TV show? (The Netflix show Homeland actually did this).

So, how do you keep your fridge secure?

You don’t need to go back to the Stone Age. You just need to treat your smart devices like computers - because they are computers.

As always, follow security best practices, which I have listed below:

• Change your default smart device passwords, ALWAYS.
• Keep software and firmware up to date.
• Turn off features you don’t use, such as the microphone, camera, remote access.
• Keep your smart devices on a separate network to your main devices.

You don't need to panic or throw your smart devices in the bin but you do need to treat them like what they are, small computers connected to your home. In cybersecurity, the smallest devices can open the biggest door, and no, they're still not after your bananas.