“All code is written by humans at the end of the day,” says Asaf Ashkenazi, chief operating officer at Verimatrix, “and there will always be bugs engineered into the code.”
It’s these bugs that will allow hackers to compromise and control pretty much everything you own in 2020. As our world becomes dominated by devices connected to the internet, we will all have to be more vigilant over the way that we use everything, from cars and kettles to children’s toys and toasters.
The world of hacking has always been a scary place, and in 2020, it’s set to get scarier. However, there are a number of ways that you can keep your home, your possessions, your family, and your data safe.
- How to keep your smart home secure – We look at all the factors that could let criminals into your home, digitally and physically
- Can your car be hacked? – We dispel the myths and explain the dangerous reality of car hacking in 2020
- Phishing and online extortion scams – We show you how to spot nefarious emails and social media messages to prevent you losing money, your dignity, or even your life
How to Keep Your Smart Home Devices Secure
2020 could potentially be the year that everyone’s homes become smart. At CES this January, we encountered a range of smart products: a smart bath mat, a toilet roll-delivering robot, a shower head with an Alexa-powered smart speaker, and even a smart robot pet.
While there are many benefits to smart home tech – convenience of phone-controlled use, for example – there are also some significant security issues.
“Even something that seems relatively innocent – such as a connected coffee maker or kettle – could be hacked,” says Kevin Curran, senior IEEE member and professor of cybersecurity at Ulster University. “This allows criminals to know your pattern of use and, from that, they can make predictions as to when you’re at home or not.”
This level of insight into your schedule would be invaluable to a burglar. Even if, for example, you remember to turn your smart light bulbs on every day while on vacation, the fact that you haven’t been having your morning espresso from your smart coffee machine might be enough to let a burglar know you’re away.
Of course, you might be thinking that this sort of thing wouldn’t happen to you. Your wifi router has a strong password, and you make sure you know what you’re connecting to the internet. “Many IoT devices are not hardened to security because people think, ‘who wants to hack a fridge?,’” says Martin Roskelly, a business director at IT support and services company IntraLAN. “As soon as a device is connected to your local network, it becomes an attack surface worthy of a hacker’s time and effort, and an easy way into the network.”
And the smarter your home gets, the worse the problem becomes. “The more devices you have exposed to the internet, then the more exposure you have to potentially being hacked,” says Curran. “It means that you’re more likely to have neglected devices which are not updated and more vulnerable. There’s also the risk of a domino effect, where if one device becomes owned, it can easily spread to the remainder of the cluster on your network.”
“Cheap IoT devices, like some smart home gadgets, often lack sufficient security,” says Paul Bischoff of comparitech.com. “There’s usually no indication of whether data is encrypted, or who can access it – users have little way to know whether they’re protected or not. This could allow a hacker to hijack the device and use it as part of a botnet, for example. And if the device requires a login, the hackers could steal your password.”
Part of the problem with smart home security is that there are no standards for protection. “The lack of a global standard of endpoint protection for IoT connected devices is worrying,” says Campbell Murray, global head of BlackBerry Cybersecurity Delivery. “National standards are emerging, but there is still no guarantee that all your devices are secure.”
“The harsh reality is that internet-of-things security is largely self-regulated,” Campbell continues. “Without cybersecurity warnings or age restrictions on connected products, even devices such as kids’ toys can be valuable entrances to connected systems for cyber attackers.”
How to secure your smart home
Fortunately, there are a number of ways you can protect your smart home network.
“To keep all home devices more secure, you need to make sure the underlying router and wifi are better protected,” says Alex Hinchcliffe, a threat analyst at Palo Alto Networks. “Take time to ensure your router has a good, complex, unguessable password. You may consider configuring it not to broadcast the SSID as well – that can make adding devices a little harder, but it makes it even trickier for people to try and break into your home network.”
It’s also important to make sure that when you’re buying smart home products, they’re compatible with Apple HomeKit and Google Home – this should ensure that there is at least some level of protection. Cheap devices might not be compatible with these standards, meaning they’re basically unsecured devices on your network which could be used as an entry point.
Can Your Car be Hacked?
“There are more lines of code in the new Ford GT than in the F-35 fighter jet,” says Ashkenazi.
Cars might seem like purely mechanical devices, but modern motors are effectively rolling computers. Many current models are equipped with computers to manage everything from wheel traction and engine performance to cabin infotainment.
“While ‘car hacking’ is something that you see in the news, the reality is that practical smart car security is more common than headlines may lead you to believe,” says Hinchcliffe. “A key differentiating feature with smart cars is they often have ‘smart’ lock and ignition systems that are tied to key fobs, or devices such as your smartphone.”
Manufacturers might tout the benefits of tying your car’s remote locking or engine start-up to your phone, but again, this can cause more potential problems.
“With Android Auto and Apple CarPlay, we’re adding more connectivity to the cars, and I can absolutely say that these are increasing attacks,” says Ashkenazi. “It’s not that Apple or Google don’t have good security engineers… but practically, even though they have very good engineers, there are still bugs in the code.”
And again, these bugs are gold dust for hackers, as Ashkenazi explains. “WhatsApp has been hacked twice recently, and while Facebook has a bug-bounty program which was finding bugs, the hackers were still able to locate bugs in the WhatsApp app to attack the operating system. If you think about the same thing in a car, the difference is, rather than an application, the manufacturer of the vehicle or the owner of the application is not managing to find all the bugs – and then these bugs could be the entry point to the car.”
So what happens if a hacker can gain access to a car? “It doesn’t have to be a hacker taking control of the car to cause crashes,” says Ashkenazi. “It can be an annoyance, too – like if car owners have to go to the dealership to update the software because the lights have been turned off so they can’t drive at night.”
This might sound fairly inconsequential – after all, cars have broken headlights all the time. However, consider, for example, what would happen if a hacker were able to remotely disable the headlights in all 2019 Toyota Camry models. In a moment, over 300,000 cars would be rendered useless at night. A hack of this scale wouldn’t be an annoyance – it could tarnish Toyota’s reputation in the US, and could even damage the country’s economy.
It’s also worth noting that the hackers probably won’t be looking to engineer the deaths of all Camry drivers. Instead, they’ll be trying to extort the manufacturers. If the manufacturers pay up, the hackers will stop exploiting the bugs.
How to protect your car from hackers
“Unfortunately, there’s not a lot that people can do at this point,” says Ashkenazi. “It’s more the manufacturers that need to take responsibility.”
“But I think there is a lack of awareness of what the potential attacks could be like for cars which are running more and more code every year,” Ashkenazi continues. “As a consumer, what I hope is that one day, when we come to buy cars, we’re not just looking at the features it has, but also how secure it is. I hope that the media will be able to produce reviews of how good the security is.”
However, this kind of awareness and scrutiny seems some way off. In the meantime, consumers will have to make sure that any devices connected to their cars are secure, and hope that companies such as Ashkenazi’s Verimatrix will continue to protect the code in their cars.
“We think the best solution is one that you’re unaware of,” says Ashkenazi.
Phishing and Online Extortion Scams
“In 2019, we saw a resurgence in ransomware and botnet attacks,” says Sivan Nir, a senior analyst at Skybox Security Research. “In 2020, however, we’re likely to see phishing attacks rise in popularity.”
Phishing attacks are simpler than the other types of attack we’ve spoken about so far. The attacker basically pretends to be someone else – typically a large company – and sends the victim an email asking for sensitive information such as passwords, usernames, or credit card details.
For example, back in 2018, Airbnb users were tricked by online fraudsters. “The scam was designed to spread malware and harvest personal data by tricking email recipients into clicking malicious links and disclosing personal information,” says Mark Nicholls, CTO at cybersecurity firm Redscan. “They requested that users update their personal information in order to continue using the platform, but it was actually an attempt to harvest sensitive account and payment information.”
It was not by accident that the scammers carried out their attacks at the same time that the new GDPR regulation was coming into effect in Europe. “The irony won’t be lost on anyone that cybercriminals exploited the arrival of new data protection regulations to steal people’s data,” says Nicholls. “Using current events and trends as bait for social engineering attacks is a common tactic. This was a textbook phishing campaign, with opportunistic timing and a believable call to action.”
This year though, attackers will broaden their horizons. “Right now, we’re seeing an increase of these kinds of attacks on SMS, social media platforms, and gaming sites,” says Nir.
We write about phishing scams fairly regularly here at Tech.co. Phishers, for example, are going after groups as diverse as cryptocurrency companies and people using Adobe Creative Cloud. We’ve even spoken about how to spot phishing scams.
However, a worrying development in online scams is the rise of sextortion. You’ve probably already heard about sextortion attacks – you might have even seen the Black Mirror episode about it. But it’s bigger than you think.
“People do not realise the scale of organised crime that is growing around sextortion attacks,” says Jonny Pelter of SimpleCyberLife.com. “They compromise our devices (through phishing emails and malware), enabling them to take remote control of our webcams and record us naked, masturbating, or having sex. Recently, a gang of 20 cyber criminals was uncovered in France.”
The criminals created fake dating app and social media profiles, hoping to ensnare young people and film them using basic screen recording tech. The group were blackmailing thirty teenagers every day and, sadly, four of the victims were driven to suicide after being tricked into performing sex acts online.
How to spot a phishing or extortion attempt
The clearest sign of a phishing attempt is a big company asking for details that it should already know. For example, your bank probably knows your account number and sort code already – it shouldn’t be asking for them.
What’s more, you should never, ever, give out your password to anyone over the internet. Companies don’t need to know your password – they should already be able to access all the details they might need to know about you without your password.
An easy way to prevent someone from filming you via a webcam is by buying a webcam cover, taping the webcam over, or buying a laptop with a built-in camera lockout.
If you’re worried about getting stung by an imposter online, it’s worth reverse image-searching their photos. If they’re unusually evasive about meeting up in real life, or even talking on the phone, there’s a fair chance they’re not real, either.
Keeping Yourself Safe Online in 2020
“Familiarity breeds complacency,” says Andy Harris, chief technology officer at security company Osirium. “The key is paying attention to the technology you’re using. Is it from a trusted source? Is it up to date?”
While you might not be able to secure your car, and however scary the idea of a hacker running a botnet on all of your connected devices sounds, there are simple steps you can take to give yourself a base level of security.
Installing a complete antivirus solution on your PCs is a good start. Make sure you pick a service that protects against viruses, malware, and ransomware if possible.
Using a password manager is also a great idea. A good password manager – 1Password is our favorite – will keep all of your accounts secure with strong, unique passwords that you don’t even need to remember.
You can even add extra security to certain accounts by using a YubiKey. These are physical two-factor authentication devices which can be added to accounts. If a hacker is trying to access your email, for example, and they don’t have your YubiKey, they’re not getting in – even if they know your password.
Whenever you’re using anything connected to the internet, vigilance is key. “Companies can exploit the rich data collected from your devices in almost real-time to learn more about consumer behavior,” says Curran, “and so can hackers!”