These threats are now at home.
getty
The FBI warns all citizens to keep “all operating systems, software, and firmware up to date” for all smart devices connected at home. This means phones, smart TVs, gaming consoles, as well as the raft of connected IoT devices we all now own.
This, the bureau says, will minimize your “exposure to cybersecurity threats.” But the problem is that many devices are never updated — either because we can’t or won’t. And that means we’re all horribly exposed, especially as Google confirms new attacks.
In a stark new report, Bitdefender and Netgear warn that “the average household has 22 connected devices,” and that “home network devices face an average of 29 attacks on connected devices per day.” That’s isn’t a faraway threat — they mean you.
This year the FBI and Google have highlighted the BADBOX 2.0 threat, where more than 10 million Android devices — including TVs — were compromised out-of-the-box, factory fresh. To that you can add the billion-plus Android phones now off support.
This new report says that while the connected home ecosystem is “dominated by mobile phones (19.6%),” you can now add “Smart TVs (9.5%) and streaming devices (7.3%), highlighting how connectivity still revolves around screens.”
Many of those devices run Android and need firmware updates and security patches just as your phone does. Have you ever done that? Have you ever checked? Are those devices connected to the same core WiFi network as your phones and computers? Can they see the open internet, meaning no firewall preventing them communicating externally?
Bitdefender and Netgear warn streaming devices “account for more than a quarter of all detected vulnerabilities, followed by smart TVs and IP cameras.” But that’s not all. “Printers, extenders, and network-attached storage systems also feature prominently.”
Circling back to the warnings from Google and the FBI, such devices have been abused “in large-scale malware campaigns such as BADBOX, which turn ordinary smart home gadgets into coordinated botnets that target networks far beyond the living room.”
Mitigation is both simple and impossible — if your devices are outdated. “Most breaches in smart homes happen because of outdated, misconfigured, or abandoned devices,” the report says. “Security demands visibility and continuous device monitoring.”
The key advices is this. Know what’s connected. Keep an updated inventory of all IoT and networked devices at home or work. Disable the ones you no longer use.” And then patch quickly, “as soon as a new firmware version becomes available.”
More critically, you need to keep this one thing in mind. Devices that are no longer supported or updated are permanent liabilities — swap them for models that receive regular security patches.” Put more simply, “replace legacy hardware.”
You should also “segment your network.” That means keeping IoT devices on a separate network from data-handling devices such as phones, tablets and computers.
“The data is clear,” Bitdefender and Netgear warn. “The modern household faces continuous, automated cyber threats, averaging nearly 30 attacks every day. From smart TVs to doorbells, the devices that make life easier are now the very entry points attackers exploit. The need for built-in, network-level security is clearer than ever.”
