General Public Unaware of the Risks of Smart Technology - Tech Expert

The National Cyber Security Centre has advised people to alter the settings of smart products after buying them. This comes after major security flaws were found in many so-called ‘Smart Cameras’ and video-equipped baby monitors. Industry leaders have warned that the devices in question are vulnerable to cyber-attackers.
Sputnik

Tech blogger Matteo Doni shares his thoughts about what more can be done to educate the public and how one at-risk device could lead to your entire home being compromised.

Sputnik: Is the General Public aware of the risks involved with smart tech?

Matteo Doni: I think the general public isn't aware of this despite multiple reports over the last few years about how susceptible they are and how the default passwords that are on them are extremely easy to find online. Not just from the manufacturer's website, but from other websites as well. So I think there's a lot of education that needs to be done to let people know that it's not okay to leave the default password on their internet router, on the cameras, the baby monitors or maybe even just the printers.

Sputnik: You talked about default passwords there, that seems to be a recurring issue with these devices. Why do people not think of changing them when they come out and what are the big risks involved with not changing these default passwords?

Matteo Doni: It's quite common for normal users of technology to be very excited about getting a device out of the box and have it working as quickly as possible so that they get the benefits of whatever that product offers. So most manufacturers of these devices have default passwords and usually a default username as well, which is on the device. It's usually on a sticker on the device. And they strongly encourage users to then change the passwords once they've set the device up. But as I said, most people are quite excited about this new purchase that they've made. They're really wanting to get the benefits of it straightaway. They often either don't bother changing the password straightaway or put that off, and the outcome is sometimes quite worrying.

We've seen in the US examples of baby monitors, with people speaking to the babies during the night, we've seen people being watched in their apartments by other people and this then being streamed onto other websites. So it's very worrying. And I think this is very important for either the manufacturers to change the way this user onboarding happens with our products by forcing people to set up a secure password or a personalized password as they set it up, rather than having the option to leave the default password.

Sputnik: Now you mentioned there the concept of someone speaking through one of these baby monitors, but with hackers, what kind of information can be obtained via these smart devices?

Matteo Doni: Now the worrying thing is that these devices, depending on what your router setup is, and what the network setup is, can be a gateway into your computer network. People too often don't think about it, but their home Wi-Fi connection is a computer network. So by having access to these devices, potentially someone with malicious intent could then have access to your computer, to your games console, to your thermostat, and many other devices and essentially, anything that connects to your home Wi-Fi including printers.

Sputnik: One of the biggest products of the last festive period was the Amazon Ring, which was their smart doorbell camera hybrid. These products are going to continue to rise in popularity. Do you think more needs to be done to make the public aware of the security risks that come with these items?

Matteo Doni: I think what 'Which' have done in the UK, what a lot of manufacturers including Amazon ring have done after they were called out for the lack of security during setup, is a good start. I think that there's no point in having regulation in the space because by the time there is legislation on the matter, it's obsolete, the technology moved on and we'll have a new type of technology so things will be different. I think that it's all down to the media making sure everyone's aware of the potential issue and the manufacturers, or the people who have the devices manufactured for them and their brands put on them, making sure that the packaging and the setup and onboarding process is as clear as possible about the needs to change your password if not forcing them altogether.

Discuss