LULU GARCIA-NAVARRO, HOST:
There have been many reports in recent months about people's home security cameras and smart appliances getting hacked, with hackers taunting small children over cameras or blasting vulgar music. We asked Rachel Cericola, who reports on smart homes for Wirecutter, how the hacks actually happen.
RACHEL CERICOLA: Well, in this case, we talk a lot about hacking, but hacking sort of implies that someone found a hole in the system or a backdoor entry. That's not really what's going on here. For the most part, people have poor passwords. They might be reusing them - the same passwords they used for their banking accounts or a store rewards account. And they're probably compromised elsewhere. And when that happens, they're out there on the Web. People find them, and they can use them to access people's cameras.
GARCIA-NAVARRO: You wrote that there will be over 42 million smart homes by the end of 2019. Any idea how many of these homes will be vulnerable to data breaches? I mean, it seems like this is happening more and more as these homes and appliances become more popular.
CERICOLA: I guess I should say that every smart device is vulnerable to data breach. You have to protect yourself by using strong, unique passwords for every single device.
GARCIA-NAVARRO: Is one type of device more vulnerable than others? I mean, Target was hacked through its HVAC system in 2014.
CERICOLA: Right. I can't say that one is stronger than the other. I do think that it seems like cameras are the most popular devices that we hear about these incidents happening. You know, a lot of these devices store your Wi-Fi credentials, your password. They might even store where you're located, your home address or at least your location.
GARCIA-NAVARRO: Motherboard just reported that automated software for cracking Ring passwords was being sold online for all of $6. Is trying to keep your home secure kind of hopeless?
CERICOLA: It might seem that way, but I think there are simple precautions that people can take. Unfortunately, right now, there's no government regulation regarding security and privacy. That doesn't mean that manufacturers shouldn't be making some of these safety features a requirement or even better educating consumers about what they can do. But currently, a lot of it falls back on the user not to just enable the safe practices but know what they are.
GARCIA-NAVARRO: What have the companies, like Ring and Google - which owns Nest - said in response to these hacks?
CERICOLA: Typically, they've been pretty good about letting consumers know what the deal is, that things have been compromised. And both Nest and Ring have another safety feature called two-factor authentication. They're telling people to enable that. I think this is relatively new that companies are reaching out to tell consumers to enable these safety practices. And I hope to see more of that in the future.
GARCIA-NAVARRO: Do you use any of these home security services or smart devices in your home?
CERICOLA: Oh, so many of them.
CERICOLA: My job is reviewing smart home devices. So I have experience with most of these brands and many others.
GARCIA-NAVARRO: And what do you do to keep safe?
CERICOLA: Like I said, I really - I use the strong passwords. I also use a guest network for all of my smart devices so it's not connected to the same computer that I use for home use and that my family uses. And I also try to encourage people to stick with a popular or good brands. Typically, bigger brands will have the infrastructure to handle problems when they arise like this.
GARCIA-NAVARRO: That's Rachel Cericola. Thank you so much for speaking with us.
CERICOLA: Oh, thank you for having me.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.