How hackers could use smart home devices to spy on you (Marketplace)
- Articles, Blog

How hackers could use smart home devices to spy on you (Marketplace)


[ ♪♪♪ ] -[ Makda ] Let’s talk about
who’s watching you. High-tech break and enter. -Attention, Johanna and Peter,
your home is being attacked. -[ Makda ] What you need to
know to beat the bad guys. This is your Marketplace. [ ♪♪♪ ] -[ Makda ] we are travelling to
a small town in southern Ontario to deliver
some disturbing news. -[ Makda ] A family who lives
here is being watched by the whole world, and
they don’t know it. Here they are
renovating their front porch. And here again, sharing more
intimate moments on the back deck, captured by their
own security cameras, and broadcast over the
Internet for all to see. Anyone can keep an eye on
their comings and goings. That’s how we’ve
tracked them down, through their license plate. You can even watch
on their cameras, as we arrive to alert
them to what we’ve found. -Hi.
-Hello. -How are you?
-Good, thanks. Good, are
you the homeowner? -I am. -My name is Makda. I’m with the CBC.
-Mmm-hmm. We’re kind of here
for a strange reason. It has to do with
your security cameras. -Okay. -[ Makda ] I don’t know
if you realize this, but those cameras are actually
broadcasting on the Internet. -Really? -[ Makda ] Yeah.
So– How would you know? That’s what brought
us here, actually. We wanna show you what we found. Really? Yeah, we can show
you what’s happening right now. -Wow. Okay. -[ Makda ] You see
that right there? -And you can just get that? -[ Makda ] That’s right, yeah. This is what’s
going on right now. What do you think about that? I don’t like that at all. -[ Makda ] You had no idea
that this was possible? -No. -[ Makda ] How long have
you had those cameras up? -Six months, maybe.
–Six months. -Yeah.
-Where did you get them? Through Amazon. I ordered them, just online. They were just a
plug-and-play system, so it was easy, no wires. Everything was wireless
through your Internet. I didn’t realize that anyone
could have access to that. -[ Makda ] In truth, everyone
can have access to that. On this website, that searches
out and shows security cameras, that are using
default password settings. Toronto, Chatham, Medicine
Hat, we’ve got a house here in Mississauga. Over here we have
one in Vancouver. There are tens of
thousands of them, streaming from across
Canada and around the world. And people don’t know that
these cameras can be accessed by anybody. The website says its just trying
to expose security issues. But these homeowners are
the ones being exposed. Look at this. They’re putting
together a puzzle. I can almost see– [ Gasps ] Wow. Clothes on the chair. Wait a second. Oh, my gosh, I can see her. [ ♪♪♪ ] -[ Makda ] Over the next several
weeks we try to figure out where exactly these people live,
so we can warn them. And as we search for clues, we
find more private moments… By the pool, in the kitchen,
even upstairs near their bedrooms–moments not
meant for public viewing. And then one day… So, we’ve been looking for
clues and today we got a hit. See this right here? This is the first time that
we’ve been able to make out a license plate. By searching the license
plate and various websites, we narrow it down to an address. But is it the right one? There’s a pole here. You can see a light pole. Let’s go back to the video. You can see this here. Which seems to match the
Google Maps Street view of this address. We’re going to their house and
we’re going to tell them what we’ve been seeing and
what other people can see. We’re heading down the
highway, days later, when we think someone’s home. And once again, our arrival
is being broadcast over the Internet. Hi. -I’m Makda with the CBC.
-Yes. And the reason why
I’m here, it has to do with your
security cameras. I don’t know if
you realize this, but those security cameras
are actually broadcasting on the Internet. -Oh, I didn’t know that. -[ Makda ] The homeowner
wants his identity protected, even though his life has already
been watched around the world. We’re about to show him how. You can see here
it’s a bit of a delay, but then… I’m just going to… -Well, that’s no good. See,
that’s us right there. Mmm-hmm. -[ Makda ] And these
are your cameras. Did you ever think that
something like this was possible? -No, no. And how long
have you had these cameras? February. Okay, can I ask, why
did you think of getting them, and setting them
up around the home? I have teenage kids and I
wanna see what’s going on in my home, especially when
I am away travelling. So, you got them
for the safety of your family? Yeah. And you never
thought something like this, that anybody could just
look into your house? No. -[ Makda ] He struggles to
process the information. Steps he’s taken for security
may actually be causing harm. And what exactly
have people seen? -I mean I have a pool, I come
in and out and this and that. If my kids aren’t around I don’t
need to change or whatever, you know? It’s just–
privacy’s blown already. I don’t know how
you make that right. How are you gonna
have the conversation with your family about this? I’m not sure. Not sure. It’s quite
upsetting and disturbing. I’m not gonna lie. That’s the privacy of my
home being invaded, right? -[ Makda ] Knowing that these
cameras are playing for anyone to watch, if we figured it out
it doesn’t take much for anyone else to figure it out. Well, I’ll be disconnecting
them as soon as I go back in. -[ Makda ] So, how did the
privacy of these homeowners get so violated? We do more digging. -We have a delivery. Professional Video Security. -[ Makda ] This camera system
is the same type used by both families. It’s sold by a
company called OOSSXX. -Let’s get these positioned
so we can spy on you while you work. -[ Makda ] Oh, that
just sounds great. -So, what’s this one? This one’s the bottom right. -[ Makda ] Set up
is relatively easy. But when it comes to
connecting it to the Internet, the problem becomes clear–the
system does not require you to set a password. The default factory
setting password is empty. This means you do not
need to fill out a password. -[ Makda ] Username, admin. That means once it goes online,
other people could access your cameras too, and
there are no warnings. Okay, that’s the problem. We ask OOSSXX why it doesn’t
insist on a password like some other companies do. But they wouldn’t
answer our questions. [ ♪♪♪ ] -[ Makda ] More
smart home secrets. -What was that? -[ Makda ] And testing
some of the top brands. -I kind of like having the
different security cameras so you know what’s going on. -[ Makda ] Will this family pass
a home hack attack? Get more Marketplace. Sign up for our
weekly newsletter at cbc.com/marketplace. [ ♪♪♪ ] -[ Makda ] This is
your Marketplace. [ ♪♪♪ ] -[ Makda ] Across Canada,
homes are being transformed, by so-called smart devices
that promise to make things more convenient, and more secure. It’s automated control of
everything from our lights and locks, to our TVs
and temperature. -Alexa, set the
thermostat to 23. -Okay. -Alexa, kitchen light on. -Okay. -[ Makda ] In Canada alone,
more than 100 million of these devices are now
connected to the Internet. But there is a downside. Many people don’t know how to
secure their smart devices, allowing hackers and pranksters
to invade their homes, and their privacy. [ Screaming ] -What was that?! [ Screaming ] -[ Makda ] This woman is
terrified by the 21st century version of a crank call. -I can see you. -[ Makda ] Whoever’s controlling
her camera can also communicate with her. [ Screaming ] -[ Makda ] Even little
babies fall victim. Traumatized at night by someone,
who’s taken control of the baby monitor. The dark side of all this
new technology might not occur to most. -Yeah, that’s the indoor. -[ Makda ] Johanna Kenwood and
Peter Yarema think smart devices are both cool and convenient. -I love it. I think it just makes life so
much easier. -[ Makda ] But they’re
looking for security, too. -And that’s why I kind of
like having the different security cameras, so you know
what’s going on. -[ Makda ] So they’re careful
to pick top brands that promise security as a priority. Cameras by Nest. And a new lock by
Schlage for the front door. It’s connected to a
central hub made by Wink. All of the devices are
controlled by apps on their phones, or by their Amazon
personal assistant. Thermostat is off. Yeah, I wanna
get more of them, just spread them out a little
bit more so I can actually walk through the house and have
all the different ones going. -[ Makda ] But could
devices like these actually make us
more vulnerable? We’re about to find out.
-Park right here. -[ Makda ] This van is carrying
three white-hat hackers. Arsenii, Chris, and Michael work
for a company called Scalar. Make sure the
wireless packets– -[ Makda ] Businesses hire
them to test their security, to find weaknesses
before the bad guys do. Here we go. -[ Makda ] Johanna and Peter
have agreed to let these guys do whatever it takes
to hack their home. Okay. -[ Makda ] It isn’t long before
they figure out a key component. -Here we go.
There it is, guys. Nice. -[ Makda ] They crack the
password to the home’s Wi-Fi network. -Free Wi-Fi, everyone, now–
-[ Makda ] And then discover it’s the same password used by
Peter to control the thermostat. All right, connected! -[ Makda ] But to
get full control, they decide they need
Johanna’s password, too. Back at headquarters, they
create a phishing e-mail. It’s a fake, designed to
trick Johanna into revealing her password.
Oh, she has opened it. Message has been opened. -[ Makda ] If she clicks
on the link they sent, they’ll be able to control just
about every smart device in her house. The waiting game
doesn’t last long. Here we go. We’ve got credentials, awesome! -[ Makda ] And just like that,
they’re ready to hack the home. [ ♪♪♪ ] You can only see us
when we want you to. -[ Makda ] Don’t let
this happen to you. That’s pretty terrifying that
they’re able to get into so many devices. -[ Makda ] How to fight
back against a home hack. Do you have a story you
want us to investigate? Write to us, at
Marketplace at cbc.ca. -[ Makda ] This is
your Marketplace. [ ♪♪♪ ] -[ Makda ] We’re inside
a home in Oakville, Ontario, filled
with smart devices. What is it that you
guys like about having these smart devices?
-Convenience. Just some of the simpler
things, your hands are full, you need a light on. I like the security. I like being at work and having
the notifications going off and knowing what’s going on at my
house while I’m away from it. -[ Makda ] But outside,
three guys in a van, who have a point to
prove about that security. They’re going to try to hack it. Good to go. Let’s take a look. Let’s see what we have. -[ Makda ] Do you guys
have a favourite device? That’s a good question. I’m gonna say it’s probably
the inside camera, just so I can see the doggies
and see what’s going on. -[ Makda ] Okay,
what’s going on? Did you guys see that just now? Attention, Johanna, Peter,
your home is being hacked! Well, that’s surprising. -[ Makda ] Did you expect that? No, not the Nest camera,
’cause they usually– they’re supposed to be
the top-of-the-line, most secure out there. -[ Makda ] He just talked
to you through that. I know. -[ Makda ] And did you see
what was going on behind us? Yeah. It’s time to turn
up the heat in here. Check your thermostat! Well, our AC’s just been
put up to 32 degrees. [ Laughter ] So, it’s gonna
get hot in here. -[ Makda ] What do
you think about that? That’s pretty terrifying,
that they’re able to get into so many devices, especially–
I’d say more so the living room camera, I think. ‘Cause that’s, you
know, it’s our home, it’s the inside, we
have a child in here, and to know that
someone can get into it… -[ Makda ] Outside in the
van, they’re not done yet. Things are about to get
even more disturbing, as our hackers show some real
damage they can do when they target this personal assistant. Alexa, order a 4K TV. I’ve added a Samsung 4K
TV to your shopping list. -[ Makda ] Now what if
someone could actually do that? I wonder if they have access
to my full Amazon account, which has my credit
cards, my bankcard. Everything’s on there. -[ Makda ] And what if they do? I guess I’m gonna
be really broke soon, owe a lot of money. -[ Makda ] Did you guys– Wanna see what
we’re up to outside? Have a look at
your security camera. -[ Makda ] What’s going on? Doesn’t wanna load up. Oh, there it goes, offline. -[ Makda ] Your
camera’s off-line. Yup, so if I was at work
and someone was coming on the property,
I’d have no idea. You can only see us
when we want you to, and that time is now! -[ Makda ] So, he said you
can only see us when we want you to see us. That’s so creepy. -[ Makda ] You said it’s creepy. Why? What’s that?
-That’s our front door lock. That’s our front
door lock, yeah. I’d say that one’s the more
troubling of any of them. And unlocking. I feel unsecure now. [ Laughter ] Hi, guys. I just let myself in. My name is Arsenni and we’ve
just compromised your house. -[ Makda ] He just
unlocked your lock. He walked in here. How are you guys
feeling right now? To be honest, a
little terrified. -[ Makda ] Why? I’m gonna say especially
if I’m not around, we do have animals and
we do care about their well-being and, you know, we
don’t have the fanciest things, but, you know, you
just feel invaded. It’s your stuff. It’s your home. -[ Makda ] Arsenni says his team
could have done a lot of damage if they really wanted. Like, you saw us, we could knock off the camera,
come over and opened the door, grab a package or
whatever, and leave. -[ Makda ] What advice
do you have for them? How can they make sure
to secure their devices? Well, for one, change
your passwords. You want to have different
passwords for each one of your online accounts. Make sure you have extra secure
passwords for critical stuff like your e-mail or, say,
Nest camera, because the Nest camera is a real
window into your life, right? It really is. -[ Makda ] Strong
passwords are a must. The longer, the better–
at least 16 characters. In fact, try using
a password phrase, three or four words that
don’t mean anything together, but you’ll remember. Or use a password
manager that generates and remembers passwords for you. As for the makers
of smart devices… Did someone log in? Is it a suspicious login? Is it not your home IP address? -[ Makda ] Arsenni would
like to see some changes. What can the manufacturers do
to make things more secure? The main things that they
could implement would be use of two-factor
authentication, because, you know, having just a password
as the only thing that protects your smart home is not enough. -[ Makda ] Two-factor, or two-
step authentication is already offered by some companies,
like Apple and Google. When you log into your
account on a new device, they ask for a special code
that they send to your phone, confirmation it’s really
you and not someone who stole your password. We ask the makers of Peter
and Johanna’s devices about two-step authentication
and why it’s not required. Amazon and Nest both say
they have that option and encourage people to use it. Schlage says its locks just
took orders from the Wink hub. And as for Wink, after we
share the results of our investigation, it
announces a big change. Wink is now, “Taking
immediate steps to implement two-factor
authentication.” Meantime, our homeowners
are taking steps, too. Those unsecured cameras
were quickly unplugged, and are no longer open
for the world to see. Peter and Johanna say
they’ve learned a thing or two. How are you guys
feeling about this? You’ve got these devices because
they were cool and convenient. And they were
supposed to be secure. -[ Makda ] Do you
feel that way still? Not really. -I’d probably take the door
lock off the Wi-Fi and just keep it as a keypad. -[ Makda ] Any other
changes you would make? Definitely passwords. I think that will be the first
thing after you guys leave. Everything’s gonna get changed. [ ♪♪♪ ] -[ Charlsie ] Undercover
safety spot check. Oh, my gosh.
Oh, my gosh. That baby’s like
nine months old! Kids just don’t know
that it’s not safe. We are seeing injuries that
are occurring at speed and force that we would
not normally see. I asked her to stand up
and that’s when we realized that she couldn’t stand up. -[ Charlsie ] We visit
trampoline parks across the country, in Ontario,
Alberta, Nova Scotia, and BC. It’s an unregulated
industry no one is watching, until now.

About Ralph Robinson

Read All Posts By Ralph Robinson

100 thoughts on “How hackers could use smart home devices to spy on you (Marketplace)

  1. Btw if you guys think this is bad, you have no idea what else is out there. (And what’s not -“out-“ there)
    Assume 60-80 years of advancements ahead easy.

  2. Omg there’s a camera in my house and idk who put it there I asked all my parents and they said they never put it there.

  3. I have a smart home too, even though it's not an out of the box setup. That's what happens when you let devices access the internet and don't take extra steps to secure them. Passwords aren't really enough anymore.

  4. I finally contacted a cyber expert programmer called Andriano_cohen from United States on IG: He gave me a spy software Application, that usually keeps me informed of where my family members are and on what ever they are up too! at same time, I have access to my partners phone and full notices of my child internet activity, still i can also block any suspicious contacts if such occur…. you can also contact him on WhatsApp +1(978)706-3076 or Email— [[email protected]] for help;

  5. I finally contacted a cyber expert programmer called Andriano_cohen from United States on IG: He gave me a spy software Application, that usually keeps me informed of where my family members are and on what ever they are up too! at same time, I have access to my partners phone and full notices of my child internet activity, still i can also block any suspicious contacts if such occur…. you can also contact him on WhatsApp +1(978)706-3076 or Email— [[email protected]] for help;

  6. This is in no way helpful!! The whitehats got in via WiFi password hacking. The same whitehats though never mentioned that you can set your WiFi to accept only known devices. It's called MAC ADDRESS FILTERING. So have a good solid password for your router and unless that's broken… your good to go.

  7. More than likely the perpetrators that are doing this evil activity probably work for the same company where you purchased your smart devices and your cameras from in the first place.🤔

  8. And don't use online password manager tools, they get hacked too. Use offline password manager tools such as passwordsafe store in encrypted USB

  9. Wow this make me think of that movie Red Dragon. He was a Creeper peeping tom. This boo boo would be a Creepers paradise.

  10. Concerning hacking and illegal monitoring. Eventually even the hackers will be hacked and all of their info spread abroad. You will reap what you sow.

  11. This technology is being used by governments to surveil their population. 5G is being pushed for its obvious good points but it is a weapon that can be used for population control. China's system is being trialed in Darwin NT. Of course they won't admit it but if they weren't going to use it why did they allow it to be put into place.. DON'T TRUST YOUR GOVERNMENT ! The time is coming when I might disappear for criticizing my government as I have done here. It can be stopped but we must stand together as one and I won't be holding my breath waiting for that to happen.

  12. Better to use a DynDns or No-IP account instead of a P2P cloud connection with any surveillance system. Network security is the first step to take in any way before connecting any devices.

  13. Whiskey tango foxtrot! We are sabotaging ourselves, we're letting strangers into our home. Technology has gone too far. People used to worry about big brother, but now, we're offering ourselves up on a silver plate!

  14. …. What's the big deal …. O my gosh I can see her … O no I can see her … All over the internet …. He is going to have a Family meeting when he goes back in side …. Home hack attack is so wack just go eat a big mack …. I am glad they told me the most important thing 3 white males hackers ….

  15. I hope people know that this first flaw could have been avoided simply by changing your password away from "password" on your security cameras. The absolute most basic of all online security measures. Most cameras from any time of name brand will REQUIRE you to change/create a new, safe password.

    In terms of smart hubs, go for the smart things by Samsung if you must. Most of all, just make a good password.

    If you click on a link from an email, and it is a phishing email, this sort of thing is painfully obvious. Just check if the damn website is what it claims to be!! If it's not wink.com, then don't log in with ur wink credentials…

    None of this is any of the smart home makers faults. This is people not being educated enough to CHANGE THEIR BLOODY PASSWORD.

  16. This is terrifying!!! You did a great job by warning these people, but this is just a drop in the ocean… to think the people are not even realizing what can be done. Companies selling this kind of equipment should do more, much more.

  17. That's why I wouldn't buy security camera online. Instead I use an app called Alfred and set it up to share with only my email

  18. It's great that you can help & find the people, but please STOP teaching ppl how to track down other people!!! That's not a good idea, especially for other small time criminals learning new ways to track & access victims comings & goings.

  19. Everything in America is a disturbing news covering the all of the alphabet from a to z. Any question? don't bother asking, the answer will be too disturbing for average foible minds.

  20. Thank god such deviltry is being exposed!
    Technology always has two sides, and if not used wisely, is used against us…
    What a world we live in.

  21. and by the way, it all comes down to 1's and 0's. where there is a will, there is a way. There is no such thing as a secured electronic information processing device. The very nature of the device is the flaw. Its meant to be accessed, used and changed/upgraded when needed. _all of which open it up to be compromised.

  22. That's way police don't patrol your Naborhoods they have monitor rooms I n the police dept being monitored by staff. They can look into home's and business. All cameras are wireless. Hard wiring and stay off the internet. Review it when u get home. There should be a way that a camera alerts u someone came on your property but u need to review it manually. That company must be into burglaries.

  23. Oh please it’s happening with the cable boxes as well. You’re watching cable & people are watching you via the cable box. The cell phone hack is not surprising. What you see on tv when someone clones a cell phone is really real. If you’re hacking my cell phone I can care less if your feelings get hurt by what’s in my cell.

  24. Having your house set up with cameras, video monitors, and smart locks, is about the stupidest thing ever. I once pissed off my in-laws by rejecting a video baby monitor. I simply said," You can return it, and get your money back". They were dumbfounded.

  25. what do you think about the smart meters the electric companies are installing on everyone's houses? please do a video on this

  26. Cos people don't set their own passwords and just use the default password that comes with the camera. Make your own strong password and you won't have an issue with being watched.

  27. Always make your own password. There are password generators. Google how to make a strong password. The only way these white hat hackers got in was because they gave them the password thru a email. A company who sells these will never ask you for a password.

  28. I remember some government saying at some point of the statehouse you can only use a paraffin lamp, no electricity, no phones, just you and your God nothing more😂😂

  29. I will never go with a SMART home. I avoid all SMART technologies as much as possible. We have a hardwired security system. I refuse to have everything connected via wi-fi. Avoid all SMART appliances. They are hackable as well. The long term plan with SMART homes is for governments, the NWO global governance, to monitor and control EVERYONE’S energy usage.

  30. This is what happens when we remove personal boundaries, discipline and ethics and morals from our daily lives. People teach your children boundaries, and ethics and morals PLEASE!

  31. I shouldn’t have to memorize 4 different passwords with 4 different user names because your afraid your Children’s feeling will be hurt.

  32. If you ever feel your device is hacked you can always contact [email protected] to help you cleans all the spy bug hacking and spying into your device remotely he’s the hacker who helped me when I had similar issue he’s a life saver

  33. Don't forget this can happen with your computer, tv and phone cameras too! Also any app that you give access to your microphone or camera. Stay safe people:)

  34. best thing to do is just not be lazy and stay away from smart stuff and turn on lights and change temps your self.

    I know whenever I move out and have my own home I'm not getting any of this, even before seeing this.

  35. I hired deepak some
    months ago for a hacking job.I never wanted to be a victim again after being
    scammed twice already but something just kept on prompting me to try out
    DEEPAK, and at the end, I was glad I followed my instinct out of every hacker
    i've ever talked to, or tried out,he's a very unique person both in nature and
    in his job. He made sure he did everything I required of him and got me the
    result I wanted. Now I now have access to my husband's phone activity and can
    check on him whenever he's about to misbehave. you can contact him on
    DEEPAKANONGHOSTHACKERS @GMAILCOM, if you need any hacking help. You can also
    call him or send him a text on WhatsApp +1 (256) 269-2696. 📿🤲🐸🏥

  36. Things were not going well for me in my
    relationship, i was so confused and i don't know what to do. things became
    worse when my husband started telling me he needs to stay long hours at work
    almost every night for clubs and hang out with friends not knowing he was
    seeing someone else, it is good as dead when you cant take charge of your
    relationship because it was so surprising to me what was happening, because he
    wasn't lacking anything,but i was helped by DEEPAKANONGHOSTHACKERS
    @GMAILCOM  crew who monitored his
    activity and found out that he was been blackmailed by his past life and in the
    process he was sleeping with who was blackmailing him. it was terrible for me🎊💉🙃📭

  37. 8hrs
    ago i was so confused about my husband late night text, but he already
    encrypted it with a security lock, but after i contacted DEEPAK who was
    recommended to me, he helped me hack into my husband mobile phone.. this guy is
    a wizard with hack and spys software, i think i can never pay him enough for
    his creativity , so i had to just post and recommend. i think y'all should try
    him if you need hack and spy issues to deal with. DEEPAKANONGHOSTHACKERS
    @GMAILCOM

  38. It was so embarrassing and sad because
    basically, i suspected that my partner is cheating on me but i want to be sure
    before taking any action. Until I decided to take a chance to know, knowing is
    better than self doubts and it was exactly what happened when I employed the
    services of this particular group I came across by chance to help check his
    phone. Now I know when he’s telling the truth and how to curtail him i think it
    is not a drastic step if it'll make you feel better. My life got better, I
    stopped using my precious time to bother about him indiscretions and channeled
    my energy positively. for any job relating to hacking contact DEEPAK
    on WhatsApp +1 (256) 269-2696 for
    more professional services .

  39. I understand why people do this DYI stuff. They are saving $$$, but this could cost them their property and worst, their lives! And this is why you hire a reputable company to install security cameras.

  40. Uh… a couple of things, never buy cheap equipment, never use the default password or an easy password. Never give out your wifi password and do not set up guess access on your wifi. That being said, it's likely some type of remote access has been setup on these folks internet network.

  41. I don’t trust none of these devices. There is a guy who comes here every month wanting to put devices in my house I told him I am not interested. He said it is free and my neighbors have them. He was sooooo pushy. I told him many times NO he kept on talking as if I said nothing. I told him I don’t care what my neighbors have. I said I am not interested. I closed the door in his face because he kept on with this crap. I did ask him does he understand what No means? Little does he knows my neighbors told me that they said no as well. I have Security that works very well A Bullmastiff and she will have you for dinner if you come unannounced.

Leave a Reply

Your email address will not be published. Required fields are marked *