EXCLUSIVE: Cybersecurity Expert On Protecting Your Connected Home
Exclusive: Chief Operating Officer of Verimatrix, Asaf Ashkenazi, has revealed the complex processes malicious hackers take to gain access to your private information – through virtually any device in your connected home.
With global tech giants, including Sony, Samsung and LG, unveiling new smart products that are set to be a part of your connected home, its left consumers unintentionally more vulnerable to hackers.
‘Consumers want to have minimal set up and complexity. They want to be able to start up the device and be able to use it immediately,’ Ashkenazi said.
But consumers, although wanting convenience, also don’t understand just how easy it is for a hacker to infiltrate their devices.
‘So, if you look at this connected home network or any device that consumers have, when it is connected to the internet, it means that anyone that is connected to the internet can access this IP address.
‘Once you add connectivity to a device, people don’t realise it but basically you allow anyone anywhere in the world to access the device… You suddenly have the person that previously had to be in physical proximity of the device sitting in North Korea, in Europe or Eastern Europe or wherever they are,’ Ashkenazi said.
Breaking down the hacking process to Channel News, he said consumers should be aware of how it works so they can better protect themselves.
Basically, in order for a hacker to gain access to your device, according to Ashkenazi, all they need is just one simple vulnerability – a bug.
‘There are two things that hackers need in order to hack a device – it can be your car, your computer, a mobile phone or refrigerator – but you have to have software that has bugs in it.’
Bugs are software vulnerabilities in coding that hackers can track and infiltrate to gain access and control to any device connected to your home WiFi, for example.
‘Any software that is running has bugs in it. It’s called “bug density” in the industry. It means that the more code that is running, the more bugs that will be present.
‘And even if the company is doing a lot of reviews of it to make sure that they fix it and they don’t have a vulnerability there; we know that there will always be bugs in the software.
‘This is why even companies that are doing a lot of efforts in securities, they always have patches and changes because there are bugs in it,’ he said.
But once a hacker has found a bug in a device, they then need to carry out a three-step process before they can control the device.
‘Three steps need to happen. The first is they need to have access to your device which is done when you add it to your network that is exposed to external intranet that can talk to anything in the internet. It means that device is then available, so that’s the first component.
‘You now have the hacker with access, but they still need to hack it.
‘How they do it is quite different to what we’re shown in Hollywood movies. It’s not as sophisticated and immediate. There’s usually some work that the hackers do to find these things that we as human are doing when we program code,’ Ashkenazi said.
The next and final phase in this three-part process is exactly where the vulnerability of bugs come in – and they need to find it before the company that owns the product does.
‘What the hackers are trying to do is to find these bugs before the companies find them and then they try to take advantage of it.
‘So, for example, if you have on your network let’s say a printer, and the code was not updated for a long time. The hacker isn’t interested in exploiting your printer but instead the devices that are connected to it through the network.
‘Hackers can access this printer through a bug that was not patched because people usually don’t see any value in updating the software in their printer.’
This means that a hacker can gain access to virtually any device in your home that uses your home WiFi network – including security camera, Amazon speakers and even your smartphones, where all your personal and financial information is stored.
But despite how simple this hacking process seems to the average person – there are many ways in which a consumer can protect themselves.
According to Ashkenazi, consumers can take one simple yet often overlooked step to ensure their privacy and data is protected from exploitation online – updating the software on their devices regularly.
‘The updates is one of the most important things to fight security because there are always mistakes being done by companies, even if a hacker finds the bug and they manage to build an attack through that, once it is detected the companies will patch all the other devices to make them immune to this specific attack,’ he said.
This means that a device is more vulnerable to a cyberattack if it’s running on old software.
‘How many people are, if they have a connected appliance or a printer, how many people are doing the updates for these devices? Very few because the update is not usually automatic.
‘The update process is actually quite complicated. For these devices, the user needs to download the firmware update to a PC, then copy it using a USB drive to the device they want to update.
‘Most consumers do not how to do this, or just don’t bother. These devices are instead left to run old software with many known unpatched vulnerabilities, waiting for hackers to take advantage of.’
Another complicated but secure way to protect your connected home is by creating two separate networks, so if hackers infiltrate to one network through a compromised device, they do not gain access to the other, more secure home network.
‘Some people are creating two networks in their house so that all these devices are connected to a separate network. It means that important things like a laptop or personal drives that include data can be kept safe.
‘But this is quite difficult for the average consumer. So, the thing is to try to as much as possible to stick to brands that are trusted,’ he said.
Buying smart products from big brands can also help bolster your protections against attacks because of the investments they make in security to protect their reputations and credibility.
It doesn’t necessarily mean you are guaranteed against hackers, but the big global tech giants – Amazon, Google and Microsoft – for example, have more to lose from hack attacks because of damage to their branding.
‘Even if you have a product from a big brand, it doesn’t mean they won’t get hit with attacks, so this just shows how difficult it is.
But usually it means that if their systems don’t work, they have something to lose, they are more motivated to fix it and to take security more seriously,’ Ashkenazi said.
But he says it’s still worth the money to invest in bigger brands.
‘We need to remember that in order to make devices secure, it takes money and time. And as long as consumers opt to go buy something for the lowest price, that will be more difficult for the companies to justify the investment in securities.
‘So, again, it doesn’t guarantee using a known brand to not be hacked and that they will not do big mistakes there. But at least you know they will not disappear the day after [an attack].’