Smart home devices

Old smart devices will be a massive security risk

Your smart lights, smart fridge, home router, smart TVs, thermostats, doorbells, and clever appliances will become a massive security threat when they no longer qualify for updates.

A technology marvel in your smart home could become a massive security liability and leave you open to hackers and botnets after they pass their use-by dates.

The likelihood of today’s smart devices morphing into ‘zombie devices’ without security upgrades could see your smart fridge launch botnet attacks and, on a mass scale, be a threat to national security.

The prospect of ‘zombie devices’ in their millions getting into users’ bank accounts or monitoring their movements at home using installed security cameras is as disturbing as any zombie apocalypse movie plot from the 1970s.

Yet the chance that your smart home could turn into a retirement village for dangerous old tech is very real, according to a report by Stacey Higginbotham, writing for Consumer Reports.

It’s not hard to understand why. You buy a smart gadget, use it at home for ten years but don’t realise you haven’t received any software and security updates for four years.

Your smart refrigerator could become a hacker’s paradise as it ages.

During those four years, hackers have developed computer code that makes it easy for them to intrude into a home network lacking the latest software security. The same applies to office networks.

In her paper, Ms Higginbotham disturbingly details cases where this is happening already.

One, she says, is a 2023 case where state-sponsored hackers in China used routers and cameras in homes and small businesses to create a botnet that could take down infrastructure and websites.

“The attack was possible because these devices had stopped receiving software updates that fixed known vulnerabilities.”

She said Cloudflare, in a report late last year, named compromised smart TVs and digital set-top boxes as the largest source of traffic used in DDoS (distributed denial-of-service) attacks.

The question is what can be done.

There are options. Manufacturers might be asked to tell you when any smart device is no longer receiving software and security updates and advise you to take it offline.

Devices such as smart lights, smart ovens and fridges, smart TVs and smart speakers might keep working without an internet connection.

But that’s easier said than done, particularly with smaller manufacturers. How would you police them?

Manufacturers could stamp ‘valid until’ dates on devices they sell, similar to ‘use by’ dates with foods and medicines.

They could keep producing software and security updates indefinitely to avoid the problem altogether.

The nuclear option would be a self-destruct mechanism that stops the device functioning or connecting to the internet when there will be no more security updates. The mechanism could be triggered by the final security update.

Manufacturers would probably want to avoid a nuclear option at all costs. This is a debate we are yet to have.

Published by Channel News Australia, February 10, 2025
