A newly disclosed smart home breach has consumers and tech manufacturers concerned. Luckily, it appears to be the work of the good guys or “hacktivists.” These cybersecurity experts infiltrate networks and find security flaws to inform the companies so they can fix these problems. In this case, they found a database containing private, sensitive information that all led back to more than one million consumers’ smart home devices.
2 Billion Records Left Exposed
Noam Rotem and Ran Locar from vpnMentor discovered a large database of information that had been left unsecured online. The database belonged to a Chinese smart home management company, Orvibo. This company’s platform allowed users of smart devices like light switches, outlets, and video cameras to manage all of their home electronics. Orvibo had left a database with more than 2 billion separate lines of information open to the internet without any kind of password protection, resulting in a smart home breach.
Anyone who knew to look for it, or who happened to stumble across it online, could find usernames, passwords, reset codes and even video recordings from home cameras. Precise GPS locations to the homes that had these devices were also included in the list, as well as the IP addresses to the homes’ computers.
How It Happened
To understand how this smart home breach happened, just look at other accidental exposure breaches that have made recent headlines. Cloud-based storage solutions like Amazon S3 web servers are automatically set to a “no password,” open default. It is up to the server account’s owner to change that setting and enable a password. In this case, companies have stored massive amounts of sensitive information online but failed to password protect it.
While any data breach has the potential for some kind of harm, this kind of breach allows attackers to literally infiltrate your home through your technology. Smart locks on doors, security cameras, video baby monitors and thermostats are just a few of the devices that a malicious hacker could take over by resetting the device and changing the email address on the account.
Protecting Your Smart Home Privacy
So what can you do when it comes to keeping your smart home safe?
- Password protecting everything at the home level, not just a once-and-done password on your account or internet connection, is a good place to start.
- It is also important to make sure your Wi-Fi router and internet connection are password protected.
- Be sure to, change your passwords frequently and never reuse a username and password combination.
Orvibo recommends that its customers change their device passwords immediately. This is a good idea for all smart home device users from time to time. That way, if someone stumbles on sensitive information online, it will be outdated and less likely to cause you harm.
You might also like…