Cybersecurity Myths – my home network is safe
Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even Cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some of the myths are because the world has changed and the advice is no longer valid. Cybersecurity myths can be spread by well-meaning people, but you need to consider them with a “pinch of salt”.
In this series of posts about cybersecurity myths, I reveal some common areas of belief, and what you need to do.
My home network is safe from hackers, as I don’t run a website from home.
There may be a thought amongst people that your home Internet connection is not a target for hackers, because you don’t have a website or email server running on your home network, so you are safe by obscurity. The problem here is that your home network may actually have many active devices that can be targets for hackers, and many of them do not need to be open to the Internet.
Modern homes contain many Internet of Things (IoT) devices like smart speakers, televisions, lighting, security cameras/doorbells, robot vacuums, even air-conditioners and fridges. These devices are connected to your network, and will respond to (properly crafted, with the right protocol) requests and queries.
There are two issues here – firstly, when a hacker wants to find a vulnerability, they will do a broad scan of wide ranges of the Internet, trying to access devices that have the default password, or devices that have out of date software that has a vulnerability. The hacker is not targeting you, they are looking for anything and anywhere that will respond to their scans. If their scan is looking for vulnerable Internet routers, then they will look for anything behind that router. The hacker does not care who you are, they may not even know what city/suburb you are in.
Secondly, smart devices often will initiate an outgoing connection to the Internet, to report their status/settings and ask for the next command, like “switch on”. Reputable devices will connect to a safe endpoint, but cheap and poorly designed devices may not be so trustworthy. If a hacker is able to hijack the “Command and Control” system for a Smart device vendor’s central system, the hacker now has the ability to command the remote smart devices all over the world. More deceptively, the smart device may actually be designed as a trojan to passively wait for the time it is activated to do nefarious activities. This outgoing traffic is not in any way protected by a firewall or any other standard network security device or setting.
Who is attacking?
Well, it could be either low-effort hackers who are scanning for old and vulnerable versions of a system – for which the protection is to update all your devices, firmware, and change default passwords. Or, it could be malicious hardware designed by nation states – for which the protection is to not buy non-name or “super-cheap-too-good-to-be-true” products [from China] in the first place. Most likely, it is a malicious exe or flatmate, a stalker or fired employee – for which the protection is to change all passwords that they might have known, and contact the Police. Rarely, it could be that the device manufacturer itself has a malicious employee – however they are more likely to be a pervert than an attacker.
How to protect yourself
As with most other Cybersecurity recommendations, it starts with you. Update all your devices (switch on auto updating), change the default passwords to something long but memorable and easy to type, be suspicious of all unsolicited communications – particularly if they claim they require urgent action, and generally do something more than the default of nothing.
