WEBVTT

00:00:00.080 --> 00:00:06.000
your smart home is actually stupid and i don't mean that

00:00:03.679 --> 00:00:09.760
your smart fridge is pointless well it is but what i'm talking about are the

00:00:08.000 --> 00:00:14.080
now ubiquitous smart gadgets in your house that aren't smart enough to

00:00:11.920 --> 00:00:18.240
protect themselves or the rest of your network they're like the tech equivalent

00:00:15.759 --> 00:00:22.880
of dodo birds small iot products like lights thermostats and cameras can be

00:00:20.400 --> 00:00:26.080
easy vectors for hackers to put malware on your home network or steal your

00:00:24.960 --> 00:00:30.480
information and attacks like that can put anyone who

00:00:28.480 --> 00:00:36.880
connects to your network at risk in 2016 the mirai worm famously created

00:00:33.920 --> 00:00:42.559
an iot botnet so massive that it took down amazon twitter reddit paypal and

00:00:39.680 --> 00:00:47.120
netflix by unleashing a ddos attack on these sites' dns provider but what

00:00:44.800 --> 00:00:52.559
exactly makes iot devices such attractive targets for attackers for one

00:00:49.600 --> 00:00:57.840
thing smart gadgets are often a lot less complicated than computers tablets or

00:00:55.120 --> 00:01:01.039
phones which is just as much of a selling point for bad actors as it is

00:00:59.760 --> 00:01:04.879
for your parents the latter kind of products have both

00:01:02.800 --> 00:01:09.119
stored and handled sensitive personal data for a long time so the engineers

00:01:07.520 --> 00:01:13.840
who design hardware and software for them make security a priority you can

00:01:11.760 --> 00:01:18.960
find everything from advanced encryption to dedicated security chips on a wide

00:01:16.080 --> 00:01:24.240
variety of phones and pcs these days but iot devices often miss out on all this

00:01:21.920 --> 00:01:28.799
fancy protection this is because the smart gadgets in your home only do a

00:01:26.320 --> 00:01:33.680
very limited range of things a smart plug might do nothing but turn a light

00:01:31.119 --> 00:01:38.640
on or off a smart garage door only opens and closes and a smart fridge will only

00:01:36.320 --> 00:01:41.439
screech at you to buy another overpriced water filter

00:01:39.840 --> 00:01:45.920
these things require very little processing power so iot devices usually

00:01:44.240 --> 00:01:52.079
aren't equipped with the latest and greatest cpus or socs and as such are

00:01:49.600 --> 00:01:56.640
limited in their security capabilities instead they might be operating on a

00:01:54.000 --> 00:02:00.799
design that's either many years old or produced to be as cheap as possible i

00:01:58.960 --> 00:02:05.920
mean no one would ever buy a smart toaster if it ran on a 400 core i7 even

00:02:04.479 --> 00:02:11.760
though that would definitely make your toast taste better but underpowered

00:02:09.039 --> 00:02:15.760
hardware is far from the only reason iot devices are easy to hack we'll tell you

00:02:13.920 --> 00:02:20.000
about the others right after we thank xsplit for sponsoring this video xsplit

00:02:18.400 --> 00:02:24.879
is a trusted live streaming and recording software designed for gaming

00:02:22.160 --> 00:02:28.800
presentations and live events it offers useful features like xsplit broadcaster

00:02:27.200 --> 00:02:32.560
an all-in-one streaming and recording solution designed for content creation

00:02:30.959 --> 00:02:37.040
connect webcam which turns your smartphone into a webcam presenter which

00:02:35.200 --> 00:02:41.680
lets you add personality flair and interactivity to presentations capture

00:02:39.680 --> 00:02:46.239
which lets you capture images and record your screen so you can add annotations a

00:02:43.680 --> 00:02:51.840
voiceover and share a link in seconds and vcam a fantastic virtual background

00:02:49.120 --> 00:02:55.360
tool for webcams use code Linus at the link below and save 10

00:02:53.920 --> 00:03:01.440
right now even if the hardware inside your favorite smart lock isn't particularly

00:02:58.640 --> 00:03:06.480
low end or outdated the fact that there isn't one standard for how iot gadgets

00:03:04.400 --> 00:03:10.720
are designed and built presents other security challenges there are different

00:03:08.959 --> 00:03:17.200
protocols smart devices use to communicate such as wi-fi z-wave zigbee

00:03:14.720 --> 00:03:21.680
and bluetooth meaning there isn't an agreed upon set of practices to secure the

00:03:19.440 --> 00:03:24.159
incredibly broad range of iot devices out there

00:03:22.720 --> 00:03:28.560
all of these protocols have different vulnerabilities not to mention that

00:03:26.000 --> 00:03:33.040
these products usually have many highly specialized components from lots of

00:03:30.720 --> 00:03:38.720
different suppliers making it difficult to coordinate a security strategy and

00:03:35.280 --> 00:03:40.560
close as many attack vectors as possible

00:03:38.720 --> 00:03:43.920
then you have the fact that the device specific software simply isn't up to

00:03:42.959 --> 00:03:48.959
scratch one common weak point is the use of

00:03:46.080 --> 00:03:52.319
hard-coded passwords these are default passwords built into the device or

00:03:50.480 --> 00:03:57.040
software that cannot be changed by the user and are not chosen at random

00:03:55.200 --> 00:04:01.760
although this makes it easier to access settings it significantly increases the

00:03:59.360 --> 00:04:05.680
chances that an attacker could guess or uncover the password and force their way

00:04:03.599 --> 00:04:10.720
into your network even though you spent all evening coming up with the absolute

00:04:07.599 --> 00:04:10.720
masterpiece that is

00:04:12.519 --> 00:04:19.359
unh4cka8l3-6969 of course nice even without an obvious backdoor like a

00:04:16.959 --> 00:04:23.759
hard-coded password software for iot devices is often rushed out in order to

00:04:21.759 --> 00:04:27.680
keep costs down or meet a release deadline or it can be configured out of

00:04:25.919 --> 00:04:32.000
the box with minimal security to make setup easier this means that even if a

00:04:30.160 --> 00:04:36.479
product is shipped out without glaring defects in code simply setting it up

00:04:34.479 --> 00:04:41.360
with the manufacturer's default settings can introduce a big security hole for a

00:04:39.680 --> 00:04:46.160
home bottom line research your stuff before you buy it

00:04:44.080 --> 00:04:51.280
tweak the settings to plug obvious security holes and put iot devices on a

00:04:49.199 --> 00:04:55.840
separate network if you can one simple way to do this is to put iot

00:04:53.520 --> 00:04:59.759
on a 2.4 gigahertz network and more sensitive devices on a 5 gigahertz

00:04:57.759 --> 00:05:04.479
network though there are ways you can split up your network even more securely

00:05:02.320 --> 00:05:07.919
look many businesses do what they can but with so many people working from

00:05:06.320 --> 00:05:11.840
home and remotely connecting to a company network it wouldn't be

00:05:09.600 --> 00:05:15.759
surprising to see some multi-million dollar trade secret get stolen by a

00:05:14.160 --> 00:05:22.000
hacker who made it through the work laptop of some middle manager who bought

00:05:18.880 --> 00:05:23.680
a 10 wi-fi enabled egg cart

00:05:22.000 --> 00:05:26.560
was it worth it harold can i call you harry so thanks for

00:05:25.440 --> 00:05:30.240
watching guys if you liked this video hit like hit subscribe and hit us up in

00:05:28.560 --> 00:05:34.960
the comments section with your suggestion for topics that we should

00:05:32.080 --> 00:05:34.960
cover in the future
