The international research firm says the most commonly purchased devices will include smart smoke/CO detectors, thermostats, and lights. These products will join the billions of devices that make up the increasingly popular Internet of Things (IoT).
Each of these devices has its own internet protocol (IP) address and is connected to the internet, just like a PC or tablet. While they offer lots of benefits in terms of better energy efficiency and convenience, they also pose a silent risk: minimal to no security.
Denial-of-service attack
Just over a year ago, hackers harnessed tens of millions of unsecured smart devices like thermostats, home security systems and even printers to launch a massive denial-of-service (DOS) attack against major web sites like Amazon, Netflix, and Twitter. The attack prevented consumers from reaching these sites for several hours.
Dyn, the sites' common DNS provider, said its investigation showed that many of the compromised smart devices had been infected with a malware called Mirai, which is a botnet.
This attack was directed at Dyn, but the threat to individual consumers is just as possible and in many ways, more invasive.
Security software firm Trend Micro reported a steady increase in the number of attacks on smart appliances–interfering with individuals’ use of their lights, home security systems, thermostats and even TVs and baby monitors.
Additionally, the company expressed concern for voice controlled devices such as Siri, Alexa, Cortana, and Google Assistant, which can also retrieve information and control household appliances if connected.
Perhaps most concerning of all, Trend Micro cautions that device manufacturers can collect and store data and create online user profiles that could be vulnerable to hacks.
In testimony before the Senate Select Committee on Intelligence earlier this year, Director of National Intelligence Daniel Coats said too many IoT devices come from unregulated, low-cost foreign manufacturers that skimp on security to stay competitive.
Worse, he said some devices do not have a way to be “patched” to retrofit security measures and make them less vulnerable.
What to do
To protect themselves, Trend Micro experts say smart device users should not anything that does not have some means of authentication, such as a username and password.
When setting up their new device, users should be prompted to change the factory settings default username and password. Default passwords like "admin" are incredibly easy for a hacker to figure out.
Encryption is another important feature to protect your smart device. The manufacturer will probably spell out the type of encryption it uses, but Trend Micro recommends Googling the model number for any possible security issues consumers have reported.