Over
the last few years, the introduction of connected devices into our homes has
become a boon for consumer convenience and entertainment. But this dynamic has
important cybersecurity and privacy considerations. The astounding increase of
connected devices has not only given attackers new points of entry but also
allows more of our information to be collected and potentially shared than ever
before.

To
find out how consumers address cybersecurity and privacy risks of connected
devices in their homes, ESET, in September 2019, surveyed 4,000 people – 2,000 in the United
States, 2,000 in Canada. Overall, the results show a large disconnect between
what people say they do to protect themselves and what they are actually doing
in practice.

The Heart of the Connected Home

Starting at the central point of a connected home, the router, ESET polled respondents if they had changed their router username and password, either directly or through a technician when it was first acquired. About 57 percent of Americans either said the username and password were not changed or they do not know if they were changed. In a similar vein, 57 percent either could not or do not know if they could name every device connected to their home network.

A
secure router is the basis of an effective home network. The router is both the
heart of the network and is in the majority of scenarios the single internet-facing
device, taking ineffective security measures (or taking none at all) makes
every device connected to it more vulnerable. At a minimum, passwords and usernames
should be changed from either their factory or ISP/cable provider default. As
the public-internet facing device attackers may be able to gain some
information by default and even the slightest knowledge about a device will
open the opportunity to try connecting to it using the default administrative
credentials, making the device an incredibly easy target.

The devices connected to that network pose a risk as well. Almost 44-45 percent of respondents have between one and five connected devices, which one would think should be easy to keep track of. The respondents that have more than 10 devices is where keeping track of them all starts to get tricky. Giving each device a recognizable name is a must to make it easier to keep track of the authorized vs. unauthorized devices on a network.

Connected Device Security

Consumers claim to be worried about cybercriminals targeting connected home devices, yet 42 percent of respondents are not worried about something they sit in front of for hours every week – their connected TVs.

When
connected to the internet a connected TV can potentially be taken attacked by
ransomware, the resources abused by coinminers or the credentials used to
access your favorite streaming service could be stolen. Anything connected to
your home router can be targeted by cybercriminals.

Interestingly, about 17 percent of total respondents have connected devices (not just smart TVs) that they did not connect to the internet. Some didn’t have time to set up the features, while others simply don’t care enough about the additional features to connect the devices to the internet.

We found that more than half (61 percent) of Americans don’t turn off features that they do not use. Keeping with the television example, consumers may buy a smart TV for its streaming features only to realize after-the-fact that there are certain apps they want to use to connect to these services are not available on the device. The consumer purchases an additional streaming device, such as Apple TV or uses a gaming console to stream, but they never turn off the internet connection on the TV. That device is now connected to the home network and is likely not monitored or updated. That’s a hazard to home network security.

Start with the Basics

It’s
clear there is still a learning curve for many consumers with connected homes.
A whole host of problems can be avoided simply by changing the default username
and password on the router and keeping the software up to date. This is
especially important as consumers add new types of devices to their networks
every year, a trend this set to continue.

Consumers would do well to remember the saying, “an ounce of prevention is worth a pound of cure.” Our survey found that, even though 35 percent of Americans and 37 percent of Canadians said they were concerned about the security of their connected homes, only 20 percent of Americans and 29 percent of Canadians did any type of research on the data collection and storage policies of connected home device manufacturers.

Consumers
who spend hours evaluating price, features and the aesthetics of their home
devices would do well to spend a few minutes researching the reputation of the
manufacturer, the security of the device, known issues and vulnerabilities and
the degree to which their data is shared or sold to third parties.