Consumer organisation Test Achats and the university of Leuven have warned that ‘smart’ household appliances may present a security risk.
Smart devices are very much present in modern homes: smartphones, baby monitors, garage door remotes, automatic vacuum cleaners etc.
Test Achats undertook testing of 16 smart devices for use in the home, together with three other consumer protection organisations in Spain, Portugal and Italy, and discovered 54 different security faults, some of them serious.
The organisations point out that the situation is no better now than when a similar test was carried out in 2018.
Of particular concern are low-price appliances from unfamiliar brands, which are commonly sold on internet marketplaces including AllExpress and Amazon.
Among the problems discovered: a lack of encrypted communication, poor programming and weak default passwords.
Not all of the problems are with cheap products. The TP-Link Archer AX73 wifi router is an expensive product (€148 on bol.com), but the tests found that it has a default password that would take hackers seconds to crack, leaving the owner’s network wide open.
Other named examples are the 360Eyes baby monitor, which can be taken over by anyone who knows the email address of the user. And the smart door lock Raykube can also be hacked in seconds, leaving an empty home unprotected.
Test Achats is now pushing for tougher security standards for smart devices in the EU.
“Together with consumer organizations in our partner countries, we are urging European policy makers to ensure that the cybersecurity legislation currently under preparation at European level addresses identified shortcomings in the security of smart devices,” said spokesperson Simon November.
“Furthermore, new binding rules for manufacturers should be developed in additional EU legislation.”
Meanwhile, KULeuven has been carrying out research of its own.
“A smart vacuum cleaner sometimes has different cameras that are needed to map your living room. A powerful processor is present for all that computing power. Now hackers can break into your vacuum cleaner and watch it while it’s running,” said doctoral researcher Lennert Wouters. “Even more, they can map your living room and resell that data. The devices are as leaky as a sieve.”
His advice is simple: “Choose established brands as much as possible, although that is not always a guarantee,” he said.