YTread Logo
YTread Logo

How hackers could use smart home devices to spy on you (Marketplace)

May 29, 2021
- Let's talk about who's watching you. High-tech entrance and entrance. -Attention, Johanna and Peter, your house is being attacked. - What you need to know to beat the bad guys. This is your Market. - We travel to a small town in southern Ontario to give you some disturbing news. - A family that lives here is being watched by everyone and they don't know it. Here they are renovating their front porch. And here again, sharing more intimate moments on the back deck, captured by their own security cameras and streamed over the Internet for all to see. Anyone can keep an eye on their comings and goings.
how hackers could use smart home devices to spy on you marketplace
This is how we have located them, through their license plate. You can even watch with their cameras as we arrive to alert them about what we have found. -Hello. -Hello. -How are you? -Fine, thanks. Well, are you the owner of the house? -Am. -My name is Makda. I'm with the CBC. -Mmm-hmm. We are here for a strange reason. It has to do with your security cameras. -Well. - I don't know if you realize, but those cameras are actually transmitting over the Internet. -Actually? - Yes. So... How would you know? Actually, that's what brought us here. We want to show you what we found.
how hackers could use smart home devices to spy on you marketplace

More Interesting Facts About,

how hackers could use smart home devices to spy on you marketplace...

Actually? Yes, we can show you what's happening right now. -Wow. Well. - Do you see that over there? -And can you get that? - That's the way it is. This is what is happening right now. What do you think about that? I don't like that at all. - You had no idea this was possible? -No. -How long have you had those cameras on? -Six months, maybe. --Six months. -Yeah. -Where did you get them? Through Amazon. I ordered them, only online. They were just a plug-and-play system, so it was easy, no cables. Everything was wireless over the Internet.
how hackers could use smart home devices to spy on you marketplace
I didn't realize anyone

could

have access to that. - Actually, everyone can have access to that. On this website, it finds and displays security cameras that use default password settings. Toronto, Chatham, Medicine Hat, we have a house here in Mississauga. Here we have one in Vancouver. There are tens of thousands of them, broadcast from across Canada and around the world. And people don't know that anyone can access these cameras. The website says it is only trying to expose security problems. But these owners are the ones who are exposed. Watch this. They are putting together a puzzle.
how hackers could use smart home devices to spy on you marketplace
I can almost see... Wow. Clothes on the chair. Wait a second. Oh my god, I can see it. - Over the next few weeks we will try to find out where exactly these people live, so we can warn them. And as we look for clues, we find more private moments... by the pool, in the kitchen, even upstairs near their bedrooms, moments that are not meant to be seen by the public. And then one day... We've been looking for clues and today we got a result. Do you see this right here? This is the first time we have been able to distinguish a license plate.
When searching for the license plate and various websites, we limited you to one address. But is it the correct one? There is a pole here. You can see a lamp post. Let's go back to the video. You can see this here. Which appears to match the Google Maps Street view of this address. We're going to go to their house and tell them what we've been seeing and what other people can see. We head down the road, days later, when we think someone is

home

. And once again, our arrival is broadcast on the Internet. Hello. -I'm Makda from the CBC. -Yeah.
And the reason I'm here has to do with your security cameras. I don't know if you realize, but those security cameras are actually streaming over the Internet. -Oh I did not know. -The owner wants his identity to be protected, although his life has already been monitored around the world. We're about to show you how. You can see here that it's a little late, but then... I'm just going to... -Well, that's not right. Look, there we are. Mmm-hmm. - And these are your cameras. Did you ever think something like this was possible? -No no. And since when have you had these cameras?
February. Well, can I ask you why you thought about getting them and installing them in the house? I have teenage children and I want to see what's going on at

home

, especially when I'm traveling. So, did you buy them for your family's safety? Yes. And you never thought something like this, that someone

could

just look inside your house? No. - It is difficult for you to process information. The measures you have taken for safety reasons may actually be causing harm. And what exactly have people seen? -I mean, I have a pool, I go in and out and this and that.
If my kids aren't around I don't need to change or anything, you know? It's just...privacy is already ruined. I don't know how you do that right. How are you going to have the conversation with your family about this? I'm not sure. I'm not sure. It is quite disturbing and disturbing. I am not going to lie. That's invasion of the privacy of my home, right? - Knowing that these cameras are playing for anyone to see, if we find out, it doesn't take much for anyone else to find out. Well, I'll disconnect them as soon as I get back in. - So how was the privacy of these owners so violated?
We do more excavations. -We have a delivery. Professional video security. - This camera system is the same type used by both families. It is sold by a company called OOSSXX. -Let's put this up so we can spy on you while you work. - Oh, that sounds great. -So what is this? This is the one on the bottom right. - Configuration is relatively easy. But when it comes to connecting it to the Internet, the problem becomes clear: the system does not require you to set a password. The factory default setting password is empty. This means that you do not need to fill out a password. - Username, administrator.
That means that once you are online, other people will also be able to access your cameras and there will be no warnings. Well, that's the problem. We asked OOSSXX why it doesn't insist on a password like other companies do. But they didn't answer our questions. - More

smart

home secrets. -What was that? - And trying some of the best brands. -I like to have the different security cameras so you know what is happening. - Will this family experience a hacking attack in their home? Get more market. Subscribe to our weekly newsletter at cbc.com/

marketplace

. - This is your Market. - Across Canada, homes are being transformed thanks to so-called

smart

devices

that promise to make things more convenient and safer.
It's automated control of everything from our lights and locks to our televisions and temperature. -Alexa, set the thermostat to 23. -Okay. -Alexa, kitchen light on. -Well. - In Canada alone, more than 100 million of these

devices

are connected to the Internet. But there is a drawback. Many people don't know how to protect their smart devices, allowing

hackers

and pranksters to invade their homes and privacy. -What was that?! - This woman is terrified by the 21st century version of a prank call. -I can see you. -Whoever controls her camera will also be able to communicate with her. - Even the smallest babies are victims.
Traumatized at night by someone who took control of the baby monitor. The dark side of all this new technology may not occur to most. -Yes, that's the interior. - Johanna Kenwood and Peter Yarema believe that smart devices are interesting and practical. -I love it. I think it makes life a lot easier. - But they also seek security. -And that's why I like to have the different security cameras, so you know what's happening. - That's why they are careful to choose the best brands that promise safety as a priority. Nest cameras. And a new Schlage lock for the front door.
It is connected to a central shaft manufactured by Wink. All devices are controlled by apps on your phones or by your personal Amazon assistant. The thermostat is off. Yeah, I want to get more, just spread them out a little bit more so I can walk around the house and have all the different ones working. - But could devices like these make us more vulnerable? We're about to find out. -Park right here. - This van carries three white hat

hackers

. Arsenii, Chris and Michael work for a company called Scalar. Make sure wireless packages... - Companies hire them to test your security and find weak spots before the bad guys do.
Here we go. - Johanna and Peter have agreed to let these guys do whatever it takes to hack into their house. Well. - It's not long before they discover a key component. -Here we go. There it is, guys. Nice. - They crack the password of the home Wi-Fi network. -Free WiFi for everyone, now-- -And then he finds out it's the same password Peter used to control the thermostat. Very good, connected! - But to have full control, they decide they also need Johanna's password. Back at headquarters, they create a phishing email. It is fake and designed to trick Johanna into revealing her password.
Oh, she's opened it. The message has been opened. -If she clicks on the link you sent her, you will be able to control almost all the smart devices in her house. The waiting game doesn't last long. Here we go. We have credentials, incredible! - And so, they are ready to hack the house. You can only see us when we want. - Don't let this happen to you. It's pretty scary that they can access so many devices. - How to fight a home hack. Do you have a story you want us to investigate? Write to us at Marketplace at cbc.ca. - This is your Market. - We are inside a house in Oakville, Ontario, full of smart devices.
What do you like about having these smart devices? -Convenience. Just some of the simplest things, you have your hands full, you need a light on. I like security. I like being at work and having notifications go off and knowing what's happening at home while I'm away. - But outside, three guys in a van, who have something to prove about that security. They are going to try to hack it. Good to go. We'll see. Let's see what we have. - Do you have a favorite device? Good question. I'm going to say it's probably the inside camera, just so I can see the little dogs and see what's going on. - Okay, what's going on?
Did you see that a moment ago? Attention Johanna, Peter, they are hacking your house! Well, that's surprising. - Did you expect that? No, not the Nest camera, because they're usually... supposed to be the best and safest ones out there. - He just talked you through it. I know. - And did you see what was happening behind us? Yes. It's time to turn up the heat here. Check your thermostat! Well, our air conditioning just went up to 32 degrees. Then it will be hot here. - What do you think about that? It's pretty scary that they can access so many devices, especially...
I guess I'd rather say the camera in the living room. Because that's, you know, it's our house, it's the inside, we have a child here, and knowing that someone can come in... - Outside, in the truck, they're not done yet. Things are about to get even more disturbing as our hackers show the real damage they can cause when they target this personal assistant. Alexa, order a 4K TV. I added a Samsung 4K TV to your shopping list. - And now what would happen if someone could do that? I'm wondering if they have access to my full Amazon account, which has my credit cards, my bank card.
It's all there. - What if they do? I guess I will soon be very broke and owe a lot of money. -Guys, do you want to see what we are doing outside? Take a look at your security camera. - What is happening? Do not want to load. Ah, there it goes, offline. - Your camera is offline. Yes, if I was at work and someone walked onto the property, I would have no idea. You can only see us when we want, and that time is now! - So, he said that you can only see us when we want you to see us.
That's so creepy. - You said it's creepy. Because? What's that? -That's the lock on our front door. That's the lock on our front door, yes. I'd say that's the most concerning of them all. And unlock. I feel insecure now. Hi guys. I just walked in. My name is Arsenni and we just compromised your house. - He just opened your lock. He came in here. How do you feel now? To be honest, a little terrified. - Because? I will say, especially if I'm not around, that we have animals and we care about their well-being and, you know, we don't have the fanciest things, but, you know, you just feel invaded.
They are your things. It is your house. -Arsenni says his team could have done a lot of damage if he really wanted to. If he saw us, we could take the camera away, walk over and open the door, grab a package or whatever and leave. - What advice do you have for them? How can you make sure you protect your devices? Well, for one, change your passwords. You want to have different passwords for each of your online accounts. Make sure you have extra strong passwords for important things like your email or, for example, the Nest camera, because the Nest camera is a real window into your life, right?
Really is. - Strong passwords are essential. The longer the better: at least 16 characters. In fact, try using a passphrase, three orfour words that together mean nothing, but that you will remember. Or use a password manager that generates and remembers passwords for you. As for smart device manufacturers... Anyone logged in? Is it a suspicious login? Isn't it your home IP address? - Arsenni would like to see some changes. What can manufacturers do to make things safer? The main thing they could implement would be the use of two-factor authentication, because, you know, having just a password as the only thing that protects your smart home is not enough. - Some companies, such as Apple and Google, already offer two-factor or two-step authentication.
When you sign in to your account on a new device, they ask for a special code that they send to your phone, confirming that it's really you and not someone who stole your password. We asked the manufacturers of Peter and Johanna's devices about two-step authentication and why it's not necessary. Amazon and Nest say they have that option and encourage people to use it. Schlage says his locks just received orders from the Wink center. And as for Wink, after sharing the results of our research, he announces a big change. Wink is now "taking immediate steps to implement two-factor authentication." Meanwhile, our owners are also taking action.
Those unsecured cameras were quickly taken offline and are no longer open for the world to see. Peter and Johanna say they've learned a thing or two. How do you feel about this? You have these devices because they were cool and convenient. And they were supposed to be safe. - Do you still feel that way? Not precisely. -I would probably remove the Wi-Fi door lock and save it as a keyboard. - Any other changes you would make? Definitely passwords. I think that will be the first thing after they leave. Everything is going to change. - Covert control of the security location.
Oh my God. Oh my God. That baby is like nine months old! The children simply do not know that she is not safe. We are seeing injuries occurring with a speed and force that we would not normally see. I asked her to stand up and that's when we realized she couldn't get up. - We visit trampoline parks all over the country, in Ontario, Alberta, Nova Scotia and BC. It's an unregulated industry that no one is looking at, until now.

If you have any copyright issue, please Contact