Another day, another cybersecurity hack, and this week it was Virgin Media’s Super Hub 2 home router that got hit here in the UK. Was is it a sophisticated hack? No, far from it: Virgin’s routers come with a short, easy-to-hack default password that was duly cracked, and the so-called Smart Home was suddenly not a very safe home at all.
Virgin Media’s advice to customers was that they should change this default password. But why is it a customer’s job to manage the device’s security?
I’ve never been an early adopter, I’ve taken things as they come, usually later than others. No Apple Watch, no mobile health devices, a cellphone I’ve had for years — and it’s only recently that I’ve taken to the Smart Home.
I march out of step with the times, but I remember the analog glory days when I could ride my motorbike in cities with immunity, make social comments with equanimity, and walk the streets with anonymity.
Now, cameras follow me around the city, I hesitate whenever I comment on social media, and I walk the streets on show.
It’s a different life, this digital one, but if I can’t go out of the house without having to go on stage, at least I want a quiet and safe life when I’m at home with my family.
Fat chance of that. I don’t have a Virgin router in my home, but other UK competitors such as BT, Sky and Talk Talk are just as vulnerable (I’m not saying which one I use; it’s too dangerous out there).
The Smart Home is a noisy one. Connected fridges, light bulbs, dishwashers, washing machines and alarms mean beep-beeps all the time. It is far from the sanctuary I expected it to be.
However, I endure it because of the “efficiencies” it brings, the fast broadband that means I do not have to commute to a London office, and the creep of technology that a teenage son relies on.
This Smart Home, however, is as dumb as they come when it comes to security. Of course, the Internet is infected, everybody knows that, but mostly we secure our laptops and cellphones.
The Smart Home is a different fish. The keys to the house are on display and it is disgraceful that products are being sold without any respect for domestic security.
Moreover, the highly annoying aspect of the Internet of Things is that I, as a consumer, seem to be getting the blame for not doing enough to prevent bad people from breaking into my house.
As I said, I’m not an early adopter. I don’t really know my routers from my firewalls, and I really don’t feel it is incumbent on me to do so. I EXPECT a safe home with products that are intelligent as well as smart.
Nobody in the cybersecurity industry seems to be held to account for this. We hear prophets of doom saying there is a cybersecurity skills shortage of a million people as if students who had the temerity to study other subjects, and not cybersecurity, are themselves to blame.
So it is with the Smart Home. I am expected to change the passwords on every shoddily assembled product and have to connect these disparate products as if I was the one who invented the Raspberry f***ing Pi.
However, I did note that a certain Paul Lipman from consumer security company BullGuard issued a mea culpa of sorts in Newsweek recently. I think it’s the first time I’ve seen or heard anybody in the industry speak out.
Lipman said, “IoT devices are often cheap and consumers should not have to change default passwords; we should have done that for them. For a lazy hacker who is now being confronted by more robust defenses at corporations, the dumb home is a place to steal candy from the proverbial baby.”
I couldn’t agree more.
Ransomware is everywhere, and the countless attacks and monitoring from every Tom, Dick and Harry never stop.
Two weeks ago Wikieaks disclosed that the CIA can turn home routers from 10 manufacturers, including DLink, Belkin, and Linksys, into surveillance posts. The CIA itself can infect devices. Apparently, it’s been doing so for years. And if the CIA can do it, anybody can do it. What chance have I got as a late adopter and a 21st Century John Doe?
I don’t want to have to protect myself, I want the devices that sell protection to do it for me.
I’m not feeling confident, but if IoT is going to hit the mainstream, then people like me are going to be part of it. Disconnection is becoming an increasingly attractive option.
Perhaps being a late adopter is a good thing where I know enough about technology to separate myself from it. Right now, I’m separating myself from the Smart Home until I see people in the industry fix this problem.
The Smart Home can only be secure if device manufacturers start talking to each other (literally) and release products that don’t need my attention to work and protect correctly. I am not to blame for their crap.
Monty Munford is an UK-based tech journalist, SXSW emcee, and public speaker.