Almost 30 million households in Europe will be smart homes by the end of the year, research suggests. Getty Images

When smart homes aren't smart enough: why your home tech could be easily hacked



It's an unsettling experience to have your home invaded by some kind of technological poltergeist. Unusual messages spontaneously emerging from your printer. Disembodied voices coming through your security camera. Thermostats going haywire, odd videos interrupting your evening's television viewing and doors unlocking without warning. While these occurrences are still relatively uncommon, last year saw a marked increase in hackers targeting internet-connected devices in people's homes: from light bulbs to plant waterers, music players to central-heating systems. The consumer appeal of this kind of gadget is obvious: by hooking them up to your network, you can automate them and control them remotely – but with that convenience comes vulnerability.

The problem is on the rise 

In recent months, a number of well-publicised incidents have raised awareness of the problem. In November, a group of hackers in Calgary, Canada, accessed a security camera belonging to a man living 2,500 kilometres away in Arizona and spoke to him through the device to warn him that his home was insecure. One of his personal passwords had leaked on the internet, and he had used the same one for his camera. Last week, someone styling themselves as "TheHackerGiraffe" hijacked tens of thousands of printers and Chromecast devices to display messages promoting the videos of Swedish YouTuber PewDiePie.

While these incidents seem to be mischievous rather than malicious, they highlight a more sinister problem, according to John Shier at security software firm Sophos. “Insecure devices can become a gateway into the rest of your network,” he says. “This could dramatically impact your privacy if documents are stolen or your traffic is monitored. But the more likely scenario is one we’ve seen time and time again, where devices are hijacked to become part of a botnet – perhaps a hundred thousand strong – which is then used to attack somebody else.”

Craig Young, a researcher at cybersecurity firm Tripwire, explains that compromised devices can also present a direct risk to personal safety. “If a Chromecast device is improperly exposed to the internet,” he says, “someone could find out its physical location. Then, if they see that no one has watched TV for 24 hours, they might guess that you’re away from home.” With a predicted 20 billion so-called “Internet of Things” (IoT) devices online by 2020, the potential for this kind of crime is growing by the day. “We need to start thinking in terms of herd immunity,” Shier says.

Security can be sacrificed for ease of use

While it’s true that many people take little interest in their own digital security, Young believes that a good deal of the blame can be laid at the doors of certain manufacturers. With the growing trend for devices to work straight out of the box, the industry-wide pursuit of a “frictionless” experience – no menus, no passwords, no hassle – can present problems. “Firms want to encourage adoption of these new technologies,” Young says. “So some of them make devices easier to use by sacrificing certain security components. They promote the idea that anything you put in your home network is safe because it’s only used by people you trust – but that doesn’t meet the reality of the modern internet.” Shier also sees security problems in budget products. “The firms who want to get in on the IoT craze will try to get to market cheaper than everybody else,” he says, “and so corners are cut.”

User-friendly devices that don't require a password to access them present obvious problems, but devices where default factory-set passwords are never changed by the user are equally unsafe. Such devices have been attacked for years. In 2014, a Russian website began broadcasting streams from unsecured webcams and it became hugely popular – but we still haven't wised up. A 2017 article by security company Positive Technologies estimated that the default passwords of 15 per cent of internet-connected devices have never been changed since they were unboxed. A simple Google search can reveal those default passwords, giving hackers a big head start when looking for vulnerabilities.

Hackers are trying to expose poor security

As hacking methods become more sophisticated, smart devices also need regular firmware updates to stay secure – but the habit of checking for such updates hasn't caught on, according to Young. "I don't know about you," he says, "but I don't think many people are logging in to, say, their router on a regular basis to see if it needs an update. The only way somebody will do that is if they see a news story telling them that it's being exploited." Shier agrees. "It's difficult to incentivise somebody to do something from a security perspective," he says, "but when you see that someone's webcam has been hacked, well, then it becomes real."

TheHackerGiraffe, who perpetrated last week's printer and Chromecast exploit, styles himself as a "white hat" hacker whose exploits are meant to alert consumers to poor security. "I just wanted to tell people that their devices were vulnerable," he said in an audio post on Twitter. "It doesn't matter how many blog posts security researchers write. No one cared, no one thought about it. But all it took was someone like me. The number of printers exposed went down, people started protecting their stuff. I'm glad." But having received a number of threatening messages in the past few days, he has curtailed his activities and deleted almost all of his online accounts. "I definitely don't support hackers using people's devices [in this way]," Young says, "but I can understand where they're coming from."

The problem evidently can't be solved by public-spirited hacking alone, and Shier believes that governments will soon start to take action. "I think they will provide incentives to companies by drawing up a set of guidelines," he says, "and if a product meets all of them, then they'll have the opportunity to put a gold star on the box [as an assurance of quality], so that it stands out from the others." This would certainly be a step in the right direction, but little progress is being made on agreeing an international set of guidelines for the security of baby monitors, fridges, smart kettles and home hubs. For the time being, it's down to us to recognise that devices that claim to make our lives easier also have the potential to make them much more difficult.
