*By Denis Riviello
Connected security systems, remotely controlled household appliances, voice-activated virtual assistants and automated lighting systems are no longer inventions from futuristic films and are already part of people's daily lives.
Driven by technological advances and the demand for greater connectivity and automation in recent years, the significant growth in the adoption of the Internet of Things (IoT) in homes promotes the interconnection of everyday devices and objects to the network, allowing them to communicate and share information with each other .
And, although this technology offers residents greater convenience, energy efficiency and practicality, allowing them to control and monitor various aspects of their homes through applications on mobile devices or virtual assistants, it also presents risks.
Traditionally built on open source systems, IoT devices, aimed at the residential market, have as their main focus practicality and economy, which, in turn, seek to optimize residents' routines. However, in many cases, these residents do not prioritize an important part these days that must be taken into consideration: security and privacy.
The number of residential IoT devices that work with obsolete operating systems is growing, many of which are more than five years old and have extremely high security breaches. This scenario ends up inviting attackers and hackers who take advantage of these flaws to infiltrate residential networks and leak information or even confidential data from companies that are being accessed through these unprotected networks.
According to a report from Check Point Software Technologies, in 2023, there was a 41% increase in attacks on Internet of Things (IoT) devices. Risks include unauthorized access, remote control of devices, leakage of personal information and even interruption of surveillance cameras or alarm systems, causing a breach in residential security and causing financial problems and even problems related to the residents' own physical integrity.
In addition to weak passwords or predictable patterns, lack of security updates and incorrect configurations making it easier to invade the system, there are weaknesses in the devices themselves that help in the emergence of these risk scenarios, such as insecure communication protocols, unencrypted HTTP, lack of adequate authentication and firmware flaws, which can be exploited to execute malicious code or gain unauthorized access to any device.
How do I know my house is under attack?
Today, identifying that a device has been hacked is also a major challenge, as, committed to not being discovered, hackers look for ways to remain hidden so that they can return when necessary. Although sometimes the behavior of a hacked device is very similar to those that are about to break or are obsolete, there are some signs that may indicate a possible hack into an automated home system.
Abnormal behavior of devices, which start to turn on or off by themselves, performing unauthorized actions; frequent malfunctions; changes to settings without consent, such as passwords, usernames and automation rules, among others, are some examples of a home's system being invaded.
Furthermore, excessive data usage, inclusion of new devices or unknown accounts in the automated home system, unauthorized remote access, and unsolicited communications can also indicate that some hacker is remotely accessing the IoT devices.
If the user is convinced that a device has been compromised, the first action to be taken is to turn off the equipment. Then, the recommendation is to turn off the home's internet, wait a period of one hour for the connection to change its digital address and turn it on again. Afterwards, as a security measure, all devices in the home should be inspected to ensure that the intruder did not compromise any other devices. To do this, it is recommended that a security professional carry out this check.
This does not mean that people should give up on investing in IoT
Using an automated home has several advantages for everyday life, and there are ways to avoid possible attacks. The first precautions must be related to the network, and it is always necessary to use a secure home Wi-Fi network, with WPA2 or WPA3 encryption and a strong password, changing the pattern from time to time. If possible, a security measure is to separate the Wi-Fi network of IoT devices from the home's main network, either by creating a separate network or by using VLANs (Virtual Local Area Networks) to isolate the IoT devices from the rest.
Additionally, it is essential to keep your Wi-Fi router and devices aligned with the latest firmware updates as they include security fixes. It is important to consider using firewalls and network security solutions to monitor traffic and be aligned with manufacturer information about security updates.
Furthermore, care related to device configuration routinely should be a concern for residents. As soon as the product is purchased, the user must change the default settings of IoT devices, such as passwords, usernames and authentication information, disable unnecessary features that will not be used, as the fewer services and ports are exposed, the lower the the attack surface. Using two-factor authentication is also always a valid suggestion, adding an extra layer of security.
*Denis Riviello is a specialist in Digital Security with more than 20 years of experience in designing and custom structuring centers responsible for information security in large Brazilian companies. At Compugraf, he heads the Security, Services, Customer Success and GRC areas.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
