The items in your home spying on you right now
Smart fridges, doorbells, televisions, garage doors and even locks have been recognised as a major cybersecurity threat in Australia with the release of a new code of practice designed to ensure Australians can use them "without falling victim to cyber criminals".
But computer security experts warn the 13-part voluntary code may not be enough to prevent widespread security dangers as the worst offenders will not be forced to change their ways under the code, and Australia still has a way to go to catch up to progress in other countries.
Home Affairs Minister Peter Dutton and Defence Minister Linda Reynolds released the code of practice on Thursday, meeting one of the requirements of the Federal Government's new 2020 Cyber Security Strategy.
Ms Reynolds said the code's 13 recommendations for smart home device makers were designed to protect consumers from hidden risks.
"Boosting the security and integrity of internet-connected devices is critical to ensuring that the benefits and conveniences they provide can be enjoyed without falling victim to cyber criminals," she said.
The Securing the Internet of Things for Consumers report estimated more than 21 billion internet-connected devices would be installed in homes worldwide by 2030, with other forecasts as high as 64 billion, creating an urgent need for "cybersecurity provisions that defend against potential threats and malicious cyber activity".
The code's top three priorities for device makers include ditching default passwords that could be easily hacked, issuing regular security software updates automatically, and disclosing security problems when they occur.
The code said manufacturers should also accept warnings from the public about problems and introduce "a bug bounty program (that) encourages and rewards the cybersecurity community for identifying and reporting vulnerabilities".
Recent smart home hacks have included internet-connected baby monitors, doorbells, printers, and garage door controls.
Despite threats detailed in the report, Australia's code will be voluntary - described as "encouraged but optional" - for device makers, which Okta cybersecurity executive director and "white hat hacker" Marc Rogers said would not guarantee "the impact we all hoped it would have".
Mr Rogers, who recently gained unauthorised access to 10 out of 12 smart home device during a three-day hackathon, said this type of consumer technology posed real risks to both consumers and national security if not designed safely and updated regularly.
"In places like China, these devices are made very cheaply, they have default passwords you can't change, and sometimes the code is five or six years old before the device even hits the marketplace," he said.
"It should not be the users' responsibility to make sure these thing remain secure. Manufacturers should ensure these devices are secure by design."
Mr Rogers said Australia's voluntary code followed similar guidelines in Britain, where the government had now proposed to make them mandatory for all smart home devices sold in the country.
Mimecast principal technical consultant Garrett O'Hara said the new guidelines for both countries were "a step in the right direction" for a growing area within the market that was essentially lawless and riddled with risk.
"It's a wild west," he said. "There is no global tick or seal of approval for these devices … or standards like we have for other products sold in this country. We don't have consumer rights or law to protect buyers. The market is driven entirely by price, not what's best for Australian citizens."
Mr O'Hara said Australians looking to buy any connected gadget, from a connected toaster to a smart coffee warmer, should look beyond the fun aspect of it and consider whether it would come with security protections.
And Mr Rogers aid consumers should carefully consider a brand's reputation and, if they had suffered a security problem in the past, how they had reacted to it.
"Sometimes (having been hacked) makes them a better company," he said.
SMART HOME DEVICES THAT HAVE BEEN HACKED:
Philips Hue Lightbulbs
Ring Video Doorbell
Samsung smart fridges (early models)
LG SmartThinQ washing machines
Chamberlain MyQ Hub garage door openers
McLear NFC Ring smart door locks
iBaby Monitor M6S
Orvibo Smart Home devices
Originally published as The items in your home spying on you right now