1
00:00:00,000 --> 00:00:05,760
Your smart home is actually stupid. And I don't mean that your smart fridge is pointless. Well,

2
00:00:05,760 --> 00:00:10,480
it is. But what I'm talking about are the now ubiquitous smart gadgets in your house that aren't

3
00:00:10,480 --> 00:00:15,680
smart enough to protect themselves or the rest of your network. They're like the tech equivalent

4
00:00:15,680 --> 00:00:21,600
of dodo birds. Small IoT products like lights, thermostats and cameras can be easy vectors for

5
00:00:21,600 --> 00:00:27,360
hackers to put malware on your home network or steal your information. And attacks like that can

6
00:00:27,360 --> 00:00:34,720
put anyone who connects to your network at risk. In 2016, the Mirai worm famously created an IoT

7
00:00:34,720 --> 00:00:42,000
botnet so massive that it took down Amazon, Twitter, Reddit, PayPal and Netflix by unleashing a DDoS

8
00:00:42,000 --> 00:00:48,320
attack on these sites' DNS provider. But what exactly makes IoT devices such attractive targets

9
00:00:48,320 --> 00:00:54,800
for attackers? For one thing, smart gadgets are often a lot less complicated than computers, tablets

10
00:00:54,880 --> 00:01:01,120
or phones, which is just as much of a selling point for bad actors as it is for your parents.

11
00:01:01,120 --> 00:01:06,800
The latter kind of products have both stored and handled sensitive personal data for a long time.

12
00:01:06,800 --> 00:01:11,520
So the engineers who design hardware and software for them make security a priority.

13
00:01:11,520 --> 00:01:16,560
You can find everything from advanced encryption to dedicated security chips on a wide variety

14
00:01:16,560 --> 00:01:23,360
of phones and PCs these days. But IoT devices often miss out on all this fancy protection.

15
00:01:23,360 --> 00:01:28,880
This is because the smart gadgets in your home only do a very limited range of things. A smart

16
00:01:28,880 --> 00:01:34,640
plug might do nothing but turn a light on or off. A smart garage door only opens and closes

17
00:01:34,640 --> 00:01:40,480
and a smart fridge will only screech at you to buy another overpriced water filter. These things

18
00:01:40,480 --> 00:01:45,920
require very little processing power, so IoT devices usually aren't equipped with the latest and

19
00:01:45,920 --> 00:01:53,120
greatest CPUs or SoCs and as such are limited in their security capabilities. Instead, they might

20
00:01:53,120 --> 00:01:58,800
be operating on a design that's either many years old or produced to be as cheap as possible.

21
00:01:58,800 --> 00:02:05,040
I mean, no one would ever buy a smart toaster if it ran on a $400 Core i7. Even though that would

22
00:02:05,040 --> 00:02:11,280
definitely make your toast taste better. But underpowered hardware is far from the only reason

23
00:02:11,280 --> 00:02:16,960
IoT devices are easy to hack. Even if the hardware inside your favorite smart lock isn't particularly

24
00:02:16,960 --> 00:02:23,280
low-end or outdated, the fact that there isn't one standard for how IoT gadgets are designed

25
00:02:23,280 --> 00:02:28,880
and built presents other security challenges. There are different protocols smart devices use

26
00:02:28,880 --> 00:02:35,840
to communicate, such as Wi-Fi, Z-Wave, ZigBee, and Bluetooth, meaning there isn't an agreed-upon

27
00:02:35,840 --> 00:02:41,440
set of practices to secure the incredibly broad range of IoT devices out there. All of these

28
00:02:41,440 --> 00:02:46,480
protocols have different vulnerabilities, not to mention that these products usually have many

29
00:02:46,480 --> 00:02:51,600
highly specialized components from lots of different suppliers, making it difficult to

30
00:02:51,600 --> 00:02:58,000
coordinate a security strategy and close as many attack vectors as possible. Then you have the fact

31
00:02:58,000 --> 00:03:04,400
that the device-specific software simply isn't up to scratch. One common weak point is the use of

32
00:03:04,400 --> 00:03:10,000
hard-coded passwords. These are default passwords built into the device's software that cannot be

33
00:03:10,000 --> 00:03:15,840
changed by the user and are not chosen at random. Although this makes it easier to access settings,

34
00:03:15,840 --> 00:03:21,280
it significantly increases the chances that an attacker could guess or uncover the password and

35
00:03:21,280 --> 00:03:25,920
force their way into your network, even though you spent all evening coming up with the absolute

36
00:03:25,920 --> 00:03:36,560
masterpiece that is UNH4CKA8L3-6969. Even without an obvious backdoor like a hard-coded password,

37
00:03:36,560 --> 00:03:43,040
software for IoT devices is often rushed out in order to keep costs down or meet a release deadline.

38
00:03:43,120 --> 00:03:47,280
Or it can be configured out of the box with minimal security to make setup easier.

39
00:03:47,280 --> 00:03:51,680
This means that even if a product is shipped out without glaring defects in code,

40
00:03:51,680 --> 00:03:57,040
simply setting it up with the manufacturer's default settings can introduce a big security

41
00:03:57,040 --> 00:04:03,680
hole for a home. Bottom line? Research your stuff before you buy it. Tweak the settings to

42
00:04:03,680 --> 00:04:10,320
plug obvious security holes and put IoT devices on a separate network if you can. One simple way

43
00:04:10,320 --> 00:04:16,640
to do this is to put IoT on a 2.4GHz network and more sensitive devices on a 5GHz network,

44
00:04:16,640 --> 00:04:20,640
though there are ways you can split up your network even more securely.

45
00:04:20,640 --> 00:04:25,600
Look, many businesses do what they can, but with so many people working from home and remotely

46
00:04:25,600 --> 00:04:30,560
connecting to a company network, it wouldn't be surprising to see some multi-million-dollar

47
00:04:30,560 --> 00:04:36,720
trade secret get stolen by a hacker who made it through the work laptop of some middle manager

48
00:04:36,720 --> 00:04:43,360
who bought a $10 Wi-Fi enabled egg cart. Was it worth it, Harold? Can I call you Harry?

49
00:04:43,360 --> 00:04:46,800
So thanks for watching, guys. If you liked this video, hit like, hit subscribe, and hit us up

50
00:04:46,800 --> 00:04:51,360
in the comments section with your suggestion for topics that we should cover in the future.
