What happens if you have poor security?

The consequences of poor security:

So, you have jumped on the smart home trend. You can control your lights, thermostat, and even fridge with just a tap on your phone. But wait! Have you thought about security? If you dont secure your smart home, you could have some serious problems. Lets break it down in simple terms.

Poor network security: A recipe for diaster

  • 1. Weak Wi-Fi Passwords: If your Wi-Fi password is something like "letmein”, you might as well put a welcome mat out for hackers! With easy access to your network, hackers can snoop around and look for personal data.
  • 2. Personal Data Theft: Once they are in, they can find your bank details, steal your identity (like your name, date of birth, and address), or access your email account. Not good!
  • 3. Check your firewall: If your firewall isnt set up correctly, you could be letting harmful traffic into your network. This could spread malware, making things even worse.
  • 4. No VPN?: Not using a Virtual Private Network (VPN) means your network details are out in the open. This makes it easier for hackers to attack less secure smart devices and track your online activities.

Basically, poor network security means hackers can take control of your smart home devices and snoop around your personal life. Catastrophic!

The danger of poor passwords

If your passwords are weak, you are practically handing over the keys to your smart home. Heres why:

  • 1. Easy to Crack: A poor password can be cracked quickly. If a hacker gets into your smart home device or network, they can access all your personal information.
  • 2. Identity Theft: With access to your personal info (like your bank account, address, and phone number), hackers can target you with new scams, steal your money, or even commit crimes using your identity.
  • 3. Reusuing passwords: If you use the same password for multiple accounts, a hacker who cracks one password can access your other accounts too. This makes your smart home even less secure.

Cheap smart home devices: be cautious

We love a good deal, but when it comes to smart home devices, cheap isnt always cheerful. Here is why you should be cautious:

  • 1. Security flaws: Many cheap devices from unknown brands (often from China) have serious security flaws. They have been known to use outdated network protocols or lack basic authentication (like a username and password).
  • 2. Exposed Data: Think of this as a computer inside your computer that helps us with hacking.
  • 3. Quality: Its usually smarter to invest in devices from reputable brands with good reviews. While they may not be perfect, they are less likely to have serious security flaws that put your data at risk. Remember, you get what you pay for!

Simulation

What you need to know

In this guide, we’ll explore just how easy it can be to hack a smart home device, specifically a “Yeelight” multi-color smart bulb. Thanks to David Bombal’s YouTube video, we’ll show you how to exploit this device, which you can find for about £15 on eBay.

What you'll need

  • 1. Yeelight Smart Bulb: This is the device we’ll be hacking.
  • 2. Kali Linux Virtual Machine: Think of this like a computer inside of a computer. It'll help us with the hack.
  • 3. Wifi Router: This connects all your devices to the internet.
  • 4. Python Script: A small piece of code that will help us control the bulb.

The Hack: Lets Get Started

Step 1: Find the Bulb’s IP Address

Every device on your network has a unique address, like a home address. For our Yeelight bulb, we need to find its IP address. We can do this easily using tools like Bettercap and Wireshark. These tools scan your network and tell you what devices are connected.

In our case, the bulb’s IP address is: 192.168.1.146.

Step 2: Control the bulb using telnet

Now here’s the shocking part: this Yeelight bulb uses Telnet, an old and insecure protocol that doesn’t require any username or password. This is a big red flag for security!

Using Kali Linux, we can connect directly to the bulb using Telnet.

Photo 1 Photo 2

Once connected, we can control the bulb with some simple commands (listed above).

Photo 1 Photo 2

Step 3: Control the Bulb with a Python Script

Don’t worry if you’re not a programming genius! We’ll use a basic Python script to control the bulb more thoroughly. The script is straightforward and doesn’t require advanced coding skills.

Photo 1 Photo 2

When we run the script (using the yeelight1.py command pictured above), we can see the bulb change colors and respond to commands—all without using the Yeelight app or our phone!

Photo 1 Photo 2

This simple hack shows just how important it is to have good security for your smart home devices. Always choose devices that have proper authentication and updated security protocols.

By understanding how easy it is to exploit a poorly secured smart device, you can make better choices for your smart home. Stay safe!

David Bombal's video: https://www.youtube.com/watch?v=o9rlLuUpYxo

Conclusion: Dont risk it

Not securing your smart home can lead to severe consequences. You could be putting your personal data like your address, date of birth, and bank details at risk. By following the advice on this site, and choosing devices from reputable manufacturers, you can help secure your smart home and keep your personal info private.

References

Bombal, D. (2023). Hacking IoT devices with Python (it’s too easy to take control). Available at: https://www.youtube.com/watch?v=o9rlLuUpYxo (Accessed: 10 March 2025).

Bombal, D. (2023). yeelight1.py. Available at: https://github.com/davidbombal/red-python-scripts/blob/main/yeelight1.py (Accessed: 10 March 2025).

Getty Images (2024). Red Flag Stock Image. Available at: https://www.istockphoto.com/photos/red-flag-warning (Accessed: 10 March 2025).