Smart speakers, smartphones, vacuum cleaners and other devices connected in our homes place users in the focus of security attacks. Credit: Panumas Nikhomkhai.

  • Innovation


Smart devices have taken our homes. Connected to our daily activities, they monitor from our rest to the pantry in order to make our lives easier. But they also expose us to cyber attacks and failures that put our privacy at risk. The so-called "Hacker toolkit" is surprisingly a great help to live safer in this hyperconnected world.


Beds that detect how long a user is sleeping, washing machines that can choose the most efficient washing program and warn when to buy more detergent, and even smart toilets that analyse urine and monitor a person's health. These are striking and innovative examples of connected devices, increasingly present in our homes in more common forms such as smart light bulbs or thermostats. While they can make our daily lives more comfortable, the unfortunate truth is that they increase the likelihood of cyber-attacks.

There have been many examples in recent years. Back in 2016, a group of security experts managed to hack into one of Samsung's smart refrigerators and intercept communications between the refrigerator and Google Calendar. More recently, in 2019, a surveillance camera installed in the home of politician Pablo Iglesias, Second Deputy Minister of the government of Spain, and his domestic partner, Irene Montero, Minister of Equality of Spain, was hacked and its images could be seen live on the Internet. That same year an attacker managed to hack into smart light bulbs and gain access to private user data such as the Wi-Fi password.

These types of attacks on IoT (Internet of Things) devices are growing all the time. In the first half of 2019 alone they increased sevenfold, according to a study by Kaspersky. In that period, some 105 million attacks on IoT devices were detected from 276,000 unique IP addresses. In a context in which more and more users are covering their laptop cameras while at the same time introducing smart speakers and other devices with microphones and cameras into their homes, ensuring security has become one of the main challenges of the large tech manufacturers.

The Shoda platform, threat and defense tool at the same time, allows users to control any IoT device without adequate security. Credit: Hogartec.

Risks from Virtual Assistants

The number of virtual assistants in use worldwide is expected to continue to grow in the coming years. Statista expects the number to rise from 3.25 billion devices in 2019 to 5.11 billion in 2021 and 8 billion in 2023. These devices are also susceptible to cyber-attacks. In fact, a team of cybersecurity researchers at the University of Michigan has shown that it is possible to hack a smart speaker with a laser from up to 50 metres away. Among other actions, they have managed to get Google Assistant, Alexa or Siri to turn lights on or off or to open doors.

What’s more, despite the fact that companies such as Amazon, Google or Apple claim that their virtual assistants are only activated when a command is pronounced, sometimes they are activated by mistake and store private conversations. Former employees who have participated in the listening programs of these companies claim to have heard users discuss private details such as names or bank details.

In addition to the challenge of ensuring the security of these devices, there is also the challenge of safeguarding the privacy of users. Despite assurances from the large tech manufacturers that they are doing so, different experts in artificial intelligence and in privacy and data ownership warn of the risk of introducing connected devices into the home. Companies, and cyber-attackers, can learn their customers' habits perfectly: when they do their laundry, what they eat, what happens in their bathroom and even how their house is laid out. For example, the manufacturer of the popular smart vacuum cleaner Roomba acknowledged in 2017 its intention to sell data with the plans and layouts of the homes that the machine had been collecting in millions of households around the world.

After some errors detected in main companies devices, virtual assistants have the challenge of guaranteeing the security of the devices and the privacy of the users.Credit: Andres Urena.

A search engine pushing the limits of privacy

This kind of private information could also end up in unwanted hands. There is a platform that allows users to control all kinds of IoT devices without adequate security. It is called Shodan and has been described by different international media as "the most terrifying search engine on the Internet" or "a window into the world of absolute insecurity". Through this platform, users can find all kinds of information: from security cameras, yachts or taximeters to gas stations, license plate readers and medical devices. Also accessible are devices connected in the home such as security cameras, printers, televisions, smart ovens or refrigerators and even video consoles such as PlayStation.

But this search engine, which was created by Swiss computer scientist John Matherly, can also be used to defend users. Manufacturers can check if their devices can be found on this search engine in order to stay ahead of potential attackers, find vulnerabilities in their own devices and fix them.

But staying safe in an IoT world is not only up to the manufacturers; it is also important for users to take some responsibility. Immediately changing the username and password of internet-connected devices should be the first step. "Admin", "root" and "12345" are among the most common codes for these types of devices, according to a report by the cyber security company Symantec. It is also advisable to update the software of the devices to the latest version whenever possible and disable the remote access for IoT devices when not strictly necessary.

· — —
Tungsteno is a journalism laboratory to scan the essence of innovation. Devised by Materia Publicaciones Científicas for Sacyr’s blog.

  • Tungsteno
  • IOT
  • Health
  • Cybersecurity

We use our own and third party cookies for analytical purposes. Click on HERE for more information. You can accept all cookies by clicking the "Accept" button or set them up or refuse their use by clicking .

Cookie declaration

These cookies are necessary for the website to function and cannot be disabled in our systems. These cookies do not store any personally identifiable information.

Name Provider Purpose Expiration Type
LFR_Sesión_STATE_* Liferay Manage your session as a registered user Session HTTP
GUEST_LANGUAGE_ID Liferay Determines the language with which it accesses, to show the same in the next session 1 year HTTP
ANONYMOUS_USER_ID Liferay Manage your session as an unregistered user 1 year HTTP
COOKIE_SUPPORT Liferay Identifies that the use of cookies is necessary for the operation of the portal 1 year HTTP
JSesiónID Liferay Manages login and indicates you are using the site Session HTTP
SACYRGDPR Sacyr Used to manage the cookie policy Session HTTP

These cookies allow us to count visits and sources of circulation in order to measure and improve the performance of our site. They help us know which pages are the most or least popular, and see how many people visit the site. All information collected by these cookies is aggregated and therefore anonymous.

Name Provider Purpose Expiration Type
_gat Google It is used to throttle the request rate - limiting the collection of data on high traffic sites Session HTTP
_gid Google It is used to store and update a unique value for each page visited Session HTTP
_ga Google This is used for statistical and analytical purposes for increasing performance of our Services Session HTTP