Over the last few years, the introduction of connected devices into our homes has become a boon for consumer convenience and entertainment. But this dynamic has important cybersecurity and privacy considerations. The astounding increase of connected devices has not only given attackers new points of entry but also allows more of our information to be collected and potentially shared than ever before.
To find out how consumers address cybersecurity and privacy risks of connected devices in their homes, ESET, in September 2019, surveyed 4,000 people – 2,000 in the United States, 2,000 in Canada. Overall, the results show a large disconnect between what people say they do to protect themselves and what they are actually doing in practice.
The Heart of the Connected Home
Starting at the central point of a connected home, the router, ESET polled respondents if they had changed their router username and password, either directly or through a technician when it was first acquired. About 57 percent of Americans either said the username and password were not changed or they do not know if they were changed. In a similar vein, 57 percent either could not or do not know if they could name every device connected to their home network.
A secure router is the basis of an effective home network. The router is both the heart of the network and is in the majority of scenarios the single internet-facing device, taking ineffective security measures (or taking none at all) makes every device connected to it more vulnerable. At a minimum, passwords and usernames should be changed from either their factory or ISP/cable provider default. As the public-internet facing device attackers may be able to gain some information by default and even the slightest knowledge about a device will open the opportunity to try connecting to it using the default administrative credentials, making the device an incredibly easy target.
The devices connected to that network pose a risk as well. Almost 44-45 percent of respondents have between one and five connected devices, which one would think should be easy to keep track of. The respondents that have more than 10 devices is where keeping track of them all starts to get tricky. Giving each device a recognizable name is a must to make it easier to keep track of the authorized vs. unauthorized devices on a network.
Connected Device Security
Consumers claim to be worried about cybercriminals targeting connected home devices, yet 42 percent of respondents are not worried about something they sit in front of for hours every week – their connected TVs.
When connected to the internet a connected TV can potentially be taken attacked by ransomware, the resources abused by coinminers or the credentials used to access your favorite streaming service could be stolen. Anything connected to your home router can be targeted by cybercriminals.
Interestingly, about 17 percent of total respondents have connected devices (not just smart TVs) that they did not connect to the internet. Some didn’t have time to set up the features, while others simply don’t care enough about the additional features to connect the devices to the internet.
We found that more than half (61 percent) of Americans don’t turn off features that they do not use. Keeping with the television example, consumers may buy a smart TV for its streaming features only to realize after-the-fact that there are certain apps they want to use to connect to these services are not available on the device. The consumer purchases an additional streaming device, such as Apple TV or uses a gaming console to stream, but they never turn off the internet connection on the TV. That device is now connected to the home network and is likely not monitored or updated. That’s a hazard to home network security.
Start with the Basics
It’s clear there is still a learning curve for many consumers with connected homes. A whole host of problems can be avoided simply by changing the default username and password on the router and keeping the software up to date. This is especially important as consumers add new types of devices to their networks every year, a trend this set to continue.
Consumers would do well to remember the saying, “an ounce of prevention is worth a pound of cure.” Our survey found that, even though 35 percent of Americans and 37 percent of Canadians said they were concerned about the security of their connected homes, only 20 percent of Americans and 29 percent of Canadians did any type of research on the data collection and storage policies of connected home device manufacturers.
Consumers who spend hours evaluating price, features and the aesthetics of their home devices would do well to spend a few minutes researching the reputation of the manufacturer, the security of the device, known issues and vulnerabilities and the degree to which their data is shared or sold to third parties.