Internet-connected security cameras account for almost half of the Internet of Things devices that are compromised by hackers even as homes and businesses continue to add these and other connected devices to their networks.
Research from cybersecurity company SAM Seamless Network found that security cameras represent 47 percent of vulnerable devices installed on home networks.
According to the data, the average US household contains 17 smart devices while European homes have an average of 14 devices connected to the network.
But while the range of connected devices ranges in scope from computers and smartphones to smart televisions and kitchen appliances, it's security camera systems which are the most hacked IoT devices.
Many of these attacks can bypass the security of cheap models of IP camera – with many of these low-cost devices based on a similar blueprint, meaning that if a vulnerability is found in one, it may also work against other models.
"The most serious attacks target IP cameras. It feels that people aren't investing in the best state-of-the-art security cameras which can cost hundreds of dollars – so they buy the cheaper ones," Omri Mallis, chief product architect at SAM Seamless Network told ZDNet. "These are very vulnerable devices," he added.
Smart hubs and network-attached storage devices are the next most vulnerable devices, claims the research, accounting for 15% and 12% of the most-hacked devices respectively. Printers, smart TVs and IP Phones are also common attack vectors for successful hacks.
Many IoT devices have been known to have vulnerabilities that allow attackers to remotely access or control them from the internet, while some have have been found to have weak passwords that can't be changed. In the worst-case scenario, devices will be found to have both.
Whatever the weakness in the device is, a vulnerable IoT product can potentially provide hackers with an easy way into other devices connected to the network.
"You might think nobody cares about your smart TV, but once it's connected to your computer where you have all your data and credentials, all of a sudden it becomes an interest," Sivan Rauscher, co-founder and CEO of SAM Seamless Network told ZDNet.
Figures from the security firm suggest that the average device is the target of an average of five attacks per day, with midnight the most common time for attacks to be executed – it's likely that at this time of the night, the users will be asleep and not paying attention to devices, so won't be witness to a burst of strange behavior.
While international bodies like the European Union and the governments of several countries – including the United Kingdom and the United States – have started to examine and rectify the threat posed by insecure IoT devices, Rauscher argues that more needs to be done – and soon.
"We need in-depth and continual investigations to understand where the vulnerabilities are coming from. The upcoming regulation and government policies on IoT and connected devices bring further attention to the problem but they are not enough," she said.
MORE ON IoT AND CYBERSECURITY
- IoT security: Why it will get worse before it gets better
- How to secure your IoT devices from botnets and other threats TechRepublic
- IoT security warning: Your hacked devices are being used for cybercrime says FBI
- IoT attacks are getting worse -- and no one's listening CNET
- IIoT security: Why it matters, why it needs to be much better