WEBVTT

00:00:00.000 --> 00:00:05.760
Your smart home is actually stupid. And I don't mean that your smart fridge is pointless. Well,

00:00:05.760 --> 00:00:10.480
it is. But what I'm talking about are the now ubiquitous smart gadgets in your house that aren't

00:00:10.480 --> 00:00:15.680
smart enough to protect themselves or the rest of your network. They're like the tech equivalent

00:00:15.680 --> 00:00:21.600
of Dodo birds. Small IoT products like lights, thermostats and cameras can be easy vectors for

00:00:21.600 --> 00:00:27.360
hackers to put malware on your home network or steal your information. And attacks like that can

00:00:27.360 --> 00:00:34.720
put anyone who connects to your network at risk. In 2016, the Mirai worm famously created an IoT

00:00:34.720 --> 00:00:42.000
botnet so massive that it took down Amazon, Twitter, Reddit, PayPal and Netflix by unleashing a DDoS

00:00:42.000 --> 00:00:48.320
attack on these sites' DNS provider. But what exactly makes IoT devices such attractive targets

00:00:48.320 --> 00:00:54.800
for attackers? For one thing, smart gadgets are often a lot less complicated than computers, tablets

00:00:54.880 --> 00:01:01.120
or phones, which is just as much of a selling point for bad actors as it is for your parents.

00:01:01.120 --> 00:01:06.800
The latter kind of products have both stored and handled sensitive personal data for a long time.

00:01:06.800 --> 00:01:11.520
So the engineers who design hardware and software for them make security a priority.

00:01:11.520 --> 00:01:16.560
You can find everything from advanced encryption to dedicated security chips on a wide variety

00:01:16.560 --> 00:01:23.360
of phones and PCs these days. But IoT devices often miss out on all this fancy protection.

00:01:23.360 --> 00:01:28.880
This is because the smart gadgets in your home only do a very limited range of things. A smart

00:01:28.880 --> 00:01:34.640
plug might do nothing but turn a light on or off. A smart garage door only opens and closes

00:01:34.640 --> 00:01:40.480
and a smart fridge will only screech at you to buy another overpriced water filter. These things

00:01:40.480 --> 00:01:45.920
require very little processing power, so IoT devices usually aren't equipped with the latest and

00:01:45.920 --> 00:01:53.120
greatest CPUs or SoCs and as such are limited in their security capabilities. Instead, they might

00:01:53.120 --> 00:01:58.800
be operating on a design that's either many years old or produced to be as cheap as possible.

00:01:58.800 --> 00:02:05.040
I mean, no one would ever buy a smart toaster if it ran on a $400 Core i7. Even though that would

00:02:05.040 --> 00:02:11.280
definitely make your toast taste better. But underpowered hardware is far from the only reason

00:02:11.280 --> 00:02:16.960
IoT devices are easy to hack. Even if the hardware inside your favorite smart lock isn't particularly

00:02:16.960 --> 00:02:23.280
low-end or outdated, the fact that there isn't one standard for how IoT gadgets are designed

00:02:23.280 --> 00:02:28.880
and built presents other security challenges. There are different protocols smart devices use

00:02:28.880 --> 00:02:35.840
to communicate, such as Wi-Fi, Z-Wave, ZigBee, and Bluetooth, meaning there isn't an agreed-upon

00:02:35.840 --> 00:02:41.440
set of practices to secure the incredibly broad range of IoT devices out there. All of these

00:02:41.440 --> 00:02:46.480
protocols have different vulnerabilities, not to mention that these products usually have many

00:02:46.480 --> 00:02:51.600
highly specialized components from lots of different suppliers, making it difficult to

00:02:51.600 --> 00:02:58.000
coordinate a security strategy and close as many attack vectors as possible. Then you have the fact

00:02:58.000 --> 00:03:04.400
that the device-specific software simply isn't up to scratch. One common weak point is the use of

00:03:04.400 --> 00:03:10.000
hard-coded passwords. These are default passwords built into the device's software that cannot be

00:03:10.000 --> 00:03:15.840
changed by the user and are not chosen at random. Although this makes it easier to access settings,

00:03:15.840 --> 00:03:21.280
it significantly increases the chances that an attacker could guess or uncover the password and

00:03:21.280 --> 00:03:25.920
force their way into your network, even though you spent all evening coming up with the absolute

00:03:25.920 --> 00:03:36.560
masterpiece that is UNH4CKA8L3-6969. Even without an obvious backdoor like a hard-coded password,

00:03:36.560 --> 00:03:43.040
software for IoT devices is often rushed out in order to keep costs down or meet a release deadline.

00:03:43.120 --> 00:03:47.280
Or it can be configured out of the box with minimal security to make setup easier.

00:03:47.280 --> 00:03:51.680
This means that even if a product is shipped out without glaring defects in code,

00:03:51.680 --> 00:03:57.040
simply setting it up with the manufacturer's default settings can introduce a big security

00:03:57.040 --> 00:04:03.680
hole for a home. Bottom line? Research your stuff before you buy it. Tweak the settings to

00:04:03.680 --> 00:04:10.320
plug obvious security holes and put IoT devices on a separate network if you can. One simple way

00:04:10.320 --> 00:04:16.640
to do this is to put IoT on a 2.4GHz network and more sensitive devices on a 5GHz network,

00:04:16.640 --> 00:04:20.640
though there are ways you can split up your network even more securely.

00:04:20.640 --> 00:04:25.600
Look, many businesses do what they can, but with so many people working from home and remotely

00:04:25.600 --> 00:04:30.560
connecting to a company network, it wouldn't be surprising to see some multi-million-dollar

00:04:30.560 --> 00:04:36.720
trade secret get stolen by a hacker who made it through the work laptop of some middle manager

00:04:36.720 --> 00:04:43.360
who bought a $10 Wi-Fi enabled egg cart. Was it worth it, Harold? Can I call you Harry?

00:04:43.360 --> 00:04:46.800
So thanks for watching guys, if you liked this video, hit like, hit subscribe, and hit us up

00:04:46.800 --> 00:04:51.360
in the comments section with your suggestion for topics that we should cover in the future.
