Hide N’ Seek. Is it a baby’s toy? A children’s board game? No, it’s a playful name for a nasty piece of work. It’s a recently discovered botnet, an automated system of internet-connected devices, often controlled remotely by a human with mayhem in mind.

First appearing in January 2018, Hide N’ Seek infiltrated household devices such as routers and IP cameras. By May 2018, its malware had infected tens of thousands of unique devices and could attack home networks nine different ways. Worse yet, it’s getting bigger and more sophisticated.

Floods of IoT devices provide cyber-attack opportunities

Vulnerable devices like wireless baby monitors and webcams offer an easy way for cybercriminals to hijack ‘smart’ household IoT devices. When infected, these seemingly innocent items can spy on owners. They also provide a remote launching pad, which cybercrooks use to start a denial of service attack, commit ad-revenue click fraud, or engage in secret bitcoin mining (cryptojacking).

So many devices, so little security awareness

Finding botnets and getting the damage they create under control is no easy task. That’s because we love using IoT devices but can’t protect them effectively. Keeping smart home devices secure is a pain because:

  • IoT devices are a big part of our lives. Demand for them is growing. In 2018, homeowners will have installed about 1.2 billion IoT devices worldwide.

  • They’re so easy to infect. Many IoT devices ship with little or no security software or tools. The habit of new device owners using out-of-the-box passwords can spell big trouble. In a lab test, security researchers used default passwords to compromise off-the-shelf smart home devices and add them to a botnet in less than 30 minutes.

  • Bad guys can infect once, attack often. After you infect a device the first time, you get information that enables you to attack the same make and model of device anytime, from anywhere. All you need is the password.

  • Set-it-and-forget-it installation causes problems. Many devices that provide crooks with the “open, sesame” are installed in alleys or doorways, untouched for years. There’s no network monitoring or software updates that might keep the bad guys at bay.

  • Business solutions don’t help. Security solutions that work well for business networks won’t work for smart home devices. For example, hardware appliances such as firewall boxes are too expensive and use much more computer processing power than household IoT devices. So, device manufacturers build routers that are cheaper and require less powerful tools.

These trends serve as a reminder that infected smart devices provide a safe house for botnets and DDoS attacks, which can penetrate businesses and government agencies as well as private homes.

However, there’s no need to be gloomy. There are many ways to reduce the odds of a cyber break-in.

Smart homes need smart device security

Securing intelligent home devices requires a unique blend of security awareness and dogged persistence. Attitude—recognizing the importance of home security and willingness to complete maintenance tasks—is the key to success.

Remembering and acting on these principles is the start of a secure home network:

  • The research and care you take before setting up IoT devices have a lot to do with the security of your smart home devices.

  • Every Internet-connected device is an expressway into your home and its sensitive information.

  • Your devices at home require the same security awareness and follow-up as your computers and storage devices.

The essential smart device security checkoff list

Is the following to-do list everything you need to do to keep your smart home devices secure? Probably not, but doing these tasks is an excellent start:

  • Keep gadgets up to date. Learn how to update a new device as soon as you bring it home. Also, check manufacturer websites regularly for OS or firmware updates of all smart home devices.

  • Use a password manager. If dealing with passwords gives you a headache, use this tool to change the default. Then make sure to check it whenever your equipment restarts. (Reboots often send your settings back to the default.)

  • Keep things separate. Check your router information to see whether you can set up a different WiFi network for your IoT devices. If a denial of service exploit occurs, this tactic can keep attackers away from equipment that stores your sensitive information.

  • Research equipment before you buy. Before you reach for your checkbook, find internet reviews that describe the security vulnerabilities of each device. Better yet, delay the adoption of new smart home gadgets until they have a track record you can review.

Building IoT device security for the long haul

There’s no sign that cyber-attacks via smart home devices will end soon. Some device vendors are making their products more secure. However, assuming that all’s well in the security department is just looking for trouble.

Householders bear the burden of smart home device security. Yes, this is an annoying “one more thing” to deal with. However, information and best practices that can lighten the load of security tasks are available. Now, it’s time to use them and beat back the villains.


Published by Matthew Piggot