Wednesday 1 June 2022 12:07 AM How safe is YOUR smart device? Popular gadgets including Amazon Echo and Google ... trends now
Smart home devices from companies such as Amazon and Google can be hacked and used to crash websites, steal data and snoop on users, an investigation reveals.
Consumer group Which? has found poor security on eight smart devices, some of which are no longer supported with vital security updates due to their age.
Examples include the first generation Amazon Echo smart speaker, released in 2014, and a Virgin Media internet router from 2017.
All of the products had vulnerabilities that could leave users exposed to cybercriminals, Which? found.
Domestic abuse survivors can also be tracked and controlled by ex-partners who exploit weak security on devices including Wi-Fi routers and security cameras.
Smart home devices from companies such as Amazon and Google can be hacked and used to crash websites, steal data and snoop on users, an investigation reveals. The first generation Amazon Echo smart speaker (pictured) was released in 2014
In total, Which? found 37 vulnerabilities across the eight test devices, including 12 rated as high risk and one rated as critical.
The London-based consumer champion now says the UK government should set out minimum periods of time smart products must receive vital security support for.
'Our latest investigation highlights the real-life dangers posed by smart products from some of the biggest tech brands that are no longer adequately protected from cybercriminals,' said Rocio Concha, Which? director of policy and advocacy.
'These weaknesses can lead to significant economic damage, but it is chilling to think that they can also be exploited by domestic abusers.'
For its investigation, Which? purchased eight products from different brands and set them all up in a simulated home before inviting 'ethical hackers' to attack them.
Ethical hackers penetrate a computer systems or networks on behalf of its owners, and with their permission, often for the purposes of research.
As well as the first generation Amazon Echo and the Google doorbell, the list included the Samsung Galaxy S8 Android smartphone, the Wemo smart plug and the Liv Cam baby monitor.
Which? selected these products because they are likely to be sitting in the homes of thousands of consumers, even though they are not newly-released.
Some of these products had been abandoned by the manufacturer within five years since their launch.
For example, the first generation Amazon Echo smart speaker lost security support in autumn 2021, Which? said.
Using a pre-existing vulnerability, researchers were able to exploit a physical attack giving remote control over Amazon's device.
In real life, an attacker could steal user data and even stream the device's live microphone, all without the user knowing.
Samsung Galaxy S8 Android smartphone (pictured) was easily infected with malware which could lead to data theft, tracking and spam adverts, Which? found
Using a Google Nest Hello video doorbell (pictured) hackers were able to spam the device with requests so that it was knocked offline