search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
RANGE REVIEW: SECURITY & SAFETY


You could even Google how to do it yourself and find videos on Youtube. That takes DIY to the next level!” Just a few other items that her hackers have been able to gain access to include connected lawnmowers, thermostats, and smart plugs.


Gaining access And what about products that are supposed to make consumers’ homes safer? Security systems put in place to protect


their home/


business, its contents and their family, if breached, could actually be the very thing that gives the people they are trying to keep out, access. It may sound very dramatic but cyberime and hackers are getting more sophisticated and, even for those with limited skills, there are online tutorials and ‘how to’ videos available on Youtube to help complete beginners hack into everyday products. Not to mention search engine, Shodan.io.


One quick and very basic


search on Youtube flagged up results of videos about hacking Bluetooth smart locks, smart TVs, thermostats, smart plugs, wireless CCTV and video doorbells. On Shodan.io I found detailed reports of vulnerabilities of a host of big- name products, including Yale home security systems.


computer


Mary-Jo explains: “There is a security conference


in


Las Vegas every year called Black Hat Briefing and, when most things are hacked or breached there,


that knowledge is then


shared worldwide. I sincerely hope manufacturers look at Youtube to see if there are ‘how to’ videos on hacking their products. It’s more common than you think.”


Internet security expert VPN Mentor also uses a team of hackers to highlight the weaknesses in security for some devices, including a


Ring first-generation smart


doorbell. They noticed an orange button on the back of the doorbell device that can be easily accessed using a regular screwdriver. Once the button is continuously pressed, the hardware device turns into an unprotected wifi access.


Slow reaction Worryingly, Mary-Jo, who spoke at this year’s Global DIY Summit, says that, all too often, manufacturers are uninterested and show no concern about these threats.


“When I was talking to people after my presentation, most manufacturers didn’t understand what I was saying and I got the glazed look from them. Others said to me ‘I only have one task and that is to make DIY products. I


www.diyweek.net


“You spend a lot on developing these prod- ucts but you need to spend a small percent- age of that cost on run- ning a test and see if it is secure” Mary-Jo de Leeuw


home technology – with the risk of a serious cyber-breach potentially exposing their personal details to opportunist criminals.


Showerstoyou.co.uk managing


understand what you’re saying but it’s not my problem’. “It really concerns me, as there is


a serious lack of safety. Yes, products are going to get more expensive if they are made safer and people want competitive prices but there is a bigger issue here.


“They think this isn’t their problem – they want to manufacture, not to secure stuff, but they don’t get that it will become their problem.” Asked what steps Mary-Jo thinks


manufactures need to be taking, she explains that companies should be testing their products and also investing


in more sophisticated


software to support the devices. “With some products out there, the solution is simply the software. They have to develop, build or buy better to secure the device. A lot of companies, when they are bringing something to market, use a small, minor app to control it. It’s the cheapest way and they don’t think they need any more but that is why they can be breached so easily.” She believes manufacturers need to look at the design and asses if it is fit for purpose and needs some of the features. “The questions I ask people first off is ‘is it really necessary that there is a microphone or camera in this product? With a lawnmower or vacuum cleaner, I don’t understand why there is a camera inside.” She adds that users can also apply the same technique to protect themselves – “If you are not using it, get a piece of tape and cover the camera.”


In terms of improving the


technology behind the device, Mary- Jo says manufacturers need to think about how to make sure that users of the software get updates. “Compare it to Windows – every first Tuesday of the month, they release new updates,” she says referring to the computer software giant.


“And then look at Shodan.io,” she continues. “It lists the vulnerabilities of products, so one of the first steps for manufacturers is to go there. They can check for free if their product is named there. Everything listed there can be breached and the blueprints are out there for people to see.” Finally, she insists that companies invest


need to in testing their


products. “You spend a lot on developing these products but you also need to spend a small percentage of that cost to run a test and see if it is secure. It could even be a quick scan,” she explains. People trust the brands they


are buying from to have already invested in securing the devices they buy. “I know a guy who spent £200,000 on a new set of security products. I asked him how much he spent on testing these products and he looked at me like I was joking. Consumers think ‘if I spend this much and buy from a trusted brand, it will be safe’. They put the onus on the company and think they will have done the testing.”


Increasing awareness But if you think consumers aren’t waking up to these concerns, then you’re wrong. They may have been swept up in the novelty and ease of being able to control their devices remotely but some are starting to think twice about what it means to open up their homes and lives to this technology and being connected to the internet of things. A recent survey by online


bathroom retailer Showerstoyou. co.uk revealed that 39% of Brits are reluctant


to buy smart home


devices and appliances because they believe they are vulnerable to cyber- attacks or hacking. Equally, 36% are worried about ‘data privacy’ when it comes to managing smart


director Martin Smith commented on the findings: “Smart home technology has come leaps and bounds over the last decade,” but added that the company’s research “highlights how the risk of a cyber-attack or breach, is factoring prominently in the decision-process of consumers to adopt the technology in their home.” VPN Mentor also highlights the danger of consumers purchasing used products. The firm suggest as many as 55% of smart device owners are in the dark about how the products actually work and asks whether those who bought second-hand smart home devices be welcoming a threat to their families into their homes?


The ‘digital assistant’ is the feature non-users are most aware of when it comes to smart home devices and appliances. However, since Amazon Echo’s launch in November 2014, terms such as “second hand Alexa” and “used Alexa,” have seen a Google trend increase of 131% and 502.86% respectively.


Hackers can bug the device and will then resell it online to a buyer who is unaware they’ve purchased a pre-hacked-device. As a result, the hackers are then able to access it remotely without ever having to enter the home. Ethical


hackers working


behalf of VPN Mentor worked to exploit a vulnerability related to the first-generation Echo’s physical design. They were then able to open the device up and manipulate it, live streaming audio from its microphone, and remotely using its services. There has


also been a huge


increase in the reported number of cases of domestic violence related to connected DIY products. “If someone doesn’t delete the app from their phone, then they still control the heater in the house or the security system,” Mary-Jo explains. Concluding, she says: “People


think I am here to scare them but I am here to tell them they need to feel confident that products have been made safe. There needs to be a more awareness by the buyer… When I


first started spreading


this news, people didn’t want to hear what I had to say. I even had someone physically shut the door in my face. “But now, they are calling me. People are waking up to the threat. I really want this digital world to grow but also to be safer.”


28 SEPTEMBER 2018 DIY WEEK 11


on


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36