25 Things You Didn't Know Could Be Hacked
Connected devices, from telephones to cars to Wi-Fi routers, bring convenience into our daily lives. But they can also introduce new forms of vulnerability — perhaps more than you may think. Many smart-home devices have built-in passwords that hackers know about, and many pieces of urban and suburban infrastructure are wired in ways you probably don't know about.
Here are 25 everyday items that may leave you, or your entire neighborhood, open to hackers.
Home Wi-Fi Routers
Believe it or not, the most vulnerable item in your home may be your home Wi-Fi router. If you didn't change the administrative password when you took it out of the box, there's a good chance it can be remotely accessed by someone who knows the default username and password for your router's make and model.
Because he (or she) who controls the router also controls the network, that person could be watching everything you, or the rest of your family, do online. The attacker could send you to malicious websites that could infect your computers, empty your bank account or steal your identity. Do yourself a favor — find your router's instruction manual and change the administrative username and password now.
One of the most common items used to protect a home is often one of the most easily hacked. On Oct. 21, 2016, a robot network, or "botnet," of hundreds of thousands of infected security cameras bombarded a key piece of internet infrastructure with useless web traffic and knocked several prominent websites offline.
The cameras were mostly commercial models used by small businesses, but their owners had never changed their default administrative passwords. Many inexpensive home security cameras have the same problem. If you have one, make sure you change the password.
The 'Watch Dogs' video-game series involves groups of hackers trying to control various parts of a (slightly) futuristic city, but some experts think that's already possible.
At the 2015 RSA security conference in San Francisco, researcher Cesar Cerrudo detailed how hackers could reroute subway trains, change maps of underground gas mains, disrupt traffic lights and even make garbage cans overflow. Too many cities are investing in "smart" sensors and systems without testing their security, Cerrudo said, and the result may mean some major messes in the near future.
At both the DEF CON 21 hacker conference and its sister conference, Black Hat, a few years ago, researcher Daniel Crowley of Trustwave Labs in Chicago showed how to break into the LIXIL Satis, a Bluetooth-connected "smart" toilet sold in Japan.
The accompanying Android app had a default password of "0000," and an attacker could flush the toilet, close the lid, spray water, blast air and even play music while someone else was on the throne.
MORE: Best Smart Home Gadgets
Google, Uber and the U.S. military are building vehicles that drive themselves, but similar technologies are already used in many luxury cars. A group of Chinese researchers at DEF CON 24 showed how to confuse the collision-avoidance systems on Audi and Tesla models, including making real cars "disappear" from navigation screens.
At the earlier DEF CON 21 hacker conference, held in Las Vegas in August 2013, mohawked Australian hacker Andrew "Zoz" Brooks showed how to hack, confuse and generally mess with these autonomous vehicles, using such tricks as reflective paint to drive them into ditches.
As more cars become connected to smartphones and wireless data networks, they present new challenges for automakers and new opportunities for crooks. A Nissan Leaf owner, for example, discovered that he could track a car's position and speed using a simple web-based data-feed program.
Researchers at iSec Partners have demonstrated how cars with OnStar-like remote start and unlock features that rely on cellular networks can be broken into using a laptop and a technique known as "war texting." And we can't forget the famous Jeep hack of 2015, which cut a car's engine on the freeway and forced Fiat Chrysler to recall hundreds of thousands of vehicles.
Your Front Door
Electronic keypads and wireless remote security systems were once only for businesses. Now there are innumerable home electronic security systems, but if they aren't installed correctly, they can make your home more vulnerable to technically adept thieves.
Hackers can lift the code, for example, from a stolen smartphone or intercept the wireless signal when you open the door so that they can return later and empty your house. A talk at DEF CON 24 in Las Vegas showed that 75 percent of tested smart locks could be hacked.
Prevention tip: Make sure you use a strong password to secure your phone, and that any wireless lock system is set to use the strongest encryption setting.
MORE: Best Smart Locks
There are dozens of tiny GPS devices on the market designed to help parents keep track of their kids, either by hiding the gadgets in the family car or tossing them into a backpack.
Unfortunately, many of these devices don't have all the security features they should. For example, researchers have demonstrated how to hack into Zoombaks, one common brand of GPS tracking device, to follow users. (Zoombak has since patched the software that allowed this.)
MORE: Best GPS Kid Trackers
The phone-hacking scandal in the U.K. of a few years ago should remind us how easily most cellular carriers' voicemail systems can be accessed.
Unfortunately, landline voicemail systems work the same way. Many providers use a common set of dial-in numbers for voicemail, and many users leave the default password in place or chose a password that's easy to remember — and easy to hack — such as a birthday or a pet's name.
If your landline voicemail is still using the default password, change it.
MORE: Best Smartphones
That second-hand baby monitor may not be such a bargain after all. Security experts used to make a habit of demonstrating how they could tap into the video and audio feeds of numerous nanny cams while driving through suburban neighborhoods.
New models use channel-hopping or Wi-Fi connections to defeat such simple eavesdropping, but even they aren't safe. If parents don't change the default administrative usernames and passwords of their baby monitors, then bored teenagers can remotely tap into them and spy on sleeping children. (You've probably seen some version of this story on the evening news.) If the baby monitor has an intercom function, the miscreants can even talk to the kids.
MORE: Best Baby Monitors
Portable Game Consoles
Some older consumer electronics devices, such as the original Nintendo DS and the Nintendo DS Lite, will only work with the older, insecure WEP encryption standard in order to access a Wi-Fi network. (All Wi-Fi users should be using the stronger WPA standard instead.) Check around your house — that hand-me-down game player may be offering hackers an open door to your network.
MORE: Best Nintendo 3DS Games
Bluetooth Car Kits
Bluetooth is ubiquitous among headsets, and a hands-free headset is a good way for drivers of older cars to stay within the law in many states. However, Finland-based Codenomicon Defensics, a security testing firm, warns that many Bluetooth devices are easily hacked. Users often leave these devices vulnerable by failing to change the default device-pairing passwords (such as "0000" or "1234"); be sure to change yours if you can.
A researcher at the 2011 Black Hat hacker convention in Las Vegas demonstrated how he could hack into the wireless signals put out by automatic insulin pumps implanted into human bodies. A couple of years earlier, another team discovered how to turn off a pacemaker by remote control, and companies have developed wearable "shields" to prevent hacker-induced heart attacks. Vice President Dick Cheney had his pacemaker's wireless receiver disabled because of this threat.
Don't ever leave the door to your garage unlocked. There are dozens of videos on YouTube showing how to hack garage-door openers. Some methods use wires, others run through common garage-door codes using smartphones and one method even uses a child's toy. Poof! Your garage door opens, and anyone can just walk in.
BEST: Worst Online Scams
Believe or not, you can make a red light change to green. Police, fire and emergency vehicles have infrared transmitters that communicate with receivers on traffic lights to do just that. Home versions of such transmitters can be built with a little technical know-how, but a federal law forbids their unauthorized use.
At the Black Hat 2013 security conference in Las Vegas, researcher Jennifer Savage showed how to hack into her daughter's Karotz, formerly known as the Nabaztag, a cartoon-like plastic bunny that has Wi-Fi connectivity and can read out emails, news and weather. Savage made the Karotz play creepy music and use its camera as a spy tool.
Home Automation Systems
Security researchers Jennifer Savage, Daniel Crowley and David Bryan showed how to break into internet-connected home automation systems at Black Hat 2013. These systems let home owners control temperature, lighting and locks from a central device, often a smartphone. Many of the tested systems had little or no security of their own, with one so poorly configured the researchers called it a "broken device."
Thermostats and Electric Meters
Smart home thermostats and electric meters automatically adjust according to time of day, power demand and Internet commands. At the DEF CON 21 hacker conference in Las Vegas a few years ago, researcher Daniel Crowley showed that some Wi-Fi connected thermostats ask for no passwords when being accessed over the Internet. In 2012, German researchers eavesdropped on "smart" electric meters and could tell when residents were awake, asleep or out of the house — and even what was being watched on TV.
MORE: Best Smart Thermostats
At the DEF CON 20 hacker conference in Las Vegas in 2012, Canadian hacker Brad "Renderman" Haines showed how easy it would be to hack into the next-generation air-traffic-control system being deployed worldwide. According to Haines, intercepting and interfering with air-to-ground communications could lead planes off course, cause aircraft to "disappear" or even create "ghost" planes on controllers' screens.
Hacking air-traffic-control systems
At the Hacker Halted 2011 security conference in Miami, researchers Tiffany Strauchs Rad, John Strauchs and Teague Newman hacked into an industrial programmable logic controller to show how to open all the cell doors in a prison at once. Sounds unlikely? The same kind of industrial controller was hijacked by the NSA-created Stuxnet worm to damage equipment at an Iranian nuclear facility in 2010.
At the Summercon hacker conference in New York in June 2013, researcher Michael Coppola showed how to hack into a Wi-Fi connected bathroom scale, which sent data to its manufacturer's website to track the user's daily weight loss. Coppola hacked into the scale so it displayed "SEE YOU AT SUMMERCON" and uploaded data so that the online weight-loss graph read "SUMMERCON" in bright letters.
MORE: Best Smart Scales
At the Black Hat 2013 conference, three different teams gave presentations on hacking Samsung's "smart" TVs. As one presenter showed how to tweak the TV's Facebook app to spy on the set's owner, he pointed out that these TVs — and similar smart TVs from other manufacturers — are really just big smartphones, but without much built-in security. (Samsung has since patched the holes.)
Hacking smart TVs
MORE: Best TVs
In 2012, University of Texas researchers showed how to send fake GPS signals to a drone aircraft, causing it to go off course as Department of Homeland Security officials watched. The Iranian military said it had used the same technique in 2011 to crash-land an American drone, but U.S. military officials said a routine malfunction was more likely.
MORE: Best Drones
Low-Earth Orbit Satellites
At the Summercon 2013 security conference, researcher Travis Goodspeed showed how to, in his words, "knock satellites out of the sky." With surplus parts he bought online, Goodspeed built his own satellite ground station, which was able to receive data from and transmit data to satellites, change their orbits and, potentially, bring them down to Earth.
Many "prosumer" digital cameras have Wi-Fi chips so that photos can be instantly uploaded. It's not hard for a hacker to intercept those feeds, as security researcher have shown. Nor is it difficult to remotely hijack the camera's functions. If your camera starts taking photos while you're changing clothes, you'll know why.