News Feed Item

“Hacker Lab” Event Shows How Cyber Criminals Attack Homes — and How to Stop Them

At a recent “Home Hacker Lab” event sponsored by Hartford Steam Boiler (HSB), part of Munich Re, and Prescient Solutions, an ethical hacker revealed how cybercriminals work — and what consumers can do to protect themselves.

The October 13 workshop in New York City mounted a remote cyber-attack on an Internet-connected model home inside the American Modern Insurance Group claims training facility in Ohio. The event demonstrated in real time how hackers choose their targets, enter a system, and the harm they can do once they infiltrate a home.

Key takeaways for homeowners included:

  • Most attacks happen via traditional means, through home Wi-Fi systems, emails and computer browsers.
  • Hackers are quickly finding new entry points through smart Internet of Things (IoT) technologies.
  • Roughly 80 percent of consumers report using a home network connected to the Internet. One in ten consumers have experienced a cyberattack via their connected home systems.*

The Hacker Lab was presented by HSB, a leading specialty insurer of data and information risks, and Prescient Solutions, a Chicago-based IT outsourcing firm. The lab was designed to help educate and provide home cyber defense ideas for consumers.

“Hackers are exploiting common security flaws and using them to breach home networks, computers, IoT and mobile devices,” said Eric Cernak, vice president and cyber practice leader for Munich Re. “Once cyber criminals have access, they can steal personal and financial information, hold computer files for ransom, and hijack anything from webcams and thermostats to smart TVs.”

Jerry Irvine, chief information officer of Prescient Solutions and member of the U.S. Chamber of Commerce’s Cybersecurity Leadership Council, agreed that consumers face a real threat and need to increase safety protections in their home networks and connected devices.

“The good news is that homeowners can take steps to protect themselves from destructive criminal intrusions,” Irvine said. “Understanding what hackers look for and how they premeditate an attack are critical to building up a home defense system. The important thing to remember is that hackers are imperfect and can be disrupted.”

The Home Hacker Lab also featured a risk management discussion with Cernak and Timothy Zeilman, vice president and counsel for HSB. The discussion included insights about ways to prevent a cyber-attack; the financial costs; and what consumers must do if/when they’re hacked.

HSB and Prescient Solutions provided the following risk-management tips to secure home systems:

1. Keep systems updated with patched and security updates. Install the most current Windows, OS/iOS, updates/patches and applications. Regularly update firmware on routers and all other devices.

2. Separate social media from financial activity. Use a dedicated device for online banking. Use a different device for email and social media. Otherwise, just visiting one infected social site could compromise your banking machine and your financial accounts.

3. Secure the network to which the devices connect. Don’t broadcast your wireless router/network name. Change default usernames/passwords on home routers and smart devices. Activate wireless router encryption, use WPA2, not WEP. Do not connect smart devices directly to the Internet linked to home computers, but rather through a separate IoT firewall.

4. Set up two-factor authentication for all online accounts. Create complex passwords (nothing that can be easily guessed, such as children’s names, birthplace, etc.). Use secondary authentication; this sends a secret code to your phone verifying your identity.

5. Secure your smartphone. Many people still do not use passcodes to lock their smartphones. Don’t be one of them. Almost all IoT devices are controlled by a smartphone app, so phones have become key entry points to homes.

6. Think before purchasing or installing apps on smartphones or tablets. Make sure you read Privacy Policies before downloading. Do not download any apps that prompt you to quickly download, as they may contain malicious code and security flaws designed by hackers.

7. When not using Bluetooth, turn off the feature. Mobile phones, tablets and many new smart items in the home have Bluetooth functionality (smart speakers, set-top boxes, baby monitors, etc.). Such devices have recently been hacked into because their owners left on the Bluetooth option.

8. Purchase only new devices in unopened packaging from reputable retailers. As with any expensive device, there is a black market for counterfeits that have limited security protections. Do not be tempted to buy such devices.

9. Wipe/reset to factory defaults. When replacing connected devices or selling a home, devices should be restored to factory default settings. This will ensure that personal information contained on the devices is removed.

10. Check insurance policies closely. While a typical Homeowners Policy may cover the costs of the resulting damage (theft, spoilage, etc.), they generally do not respond to costs associated with restoring the systems that have been compromised in the attack.

*Research by Zogby Analytics and HSB Group

Hartford Steam Boiler (HSB), a member of Munich Re’s Risk Solutions family since 2009, is a leading specialty insurer providing equipment breakdown, other specialty coverages, inspection services and engineering-based risk management that set the standard for excellence worldwide. We focus on clients and partner with them to craft inventive insurance and service solutions to cover existing and emerging risks posed by technological change. Today, as throughout our 150 year history, our mission is to use our engineering knowledge and insights to help clients prevent loss, advance sustainable use of energy resources and build deeper relationships that benefit business, industry, public institutions and consumers. HSB holds A.M. Best Company’s highest financial rating, A++ (Superior). For more information, visit www.hsb.com and connect on LinkedIn, Twitter and Facebook.

Prescient Solutions is a Chicago-based IT consulting company that provides onsite, remote, managed and cloud-based services to small, mid-sized and global organizations, as well as government entities. For more than 20 years, its expert team has advised organizations on best practices in IT and cyber security, and guides executives in IT decision-making and implementation across all systems and networks. For more information call 888-343-6040, or visit http://www.PrescientSolutions.com.

Munich Re stands for exceptional solution-based expertise, consistent risk management, financial stability and client proximity. This is how Munich Re creates value for clients, shareholders and staff. In the financial year 2015, the Group – which combines primary insurance and reinsurance under one roof – achieved a profit of €3.1bn on premium income of over €50bn. It operates in all lines of insurance, with over 43,000 employees throughout the world. With premium income of around €28bn from reinsurance alone, it is one of the world’s leading reinsurers. Especially when clients require solutions for complex risks, Munich Re is a much sought-after risk carrier. Its primary insurance operations are concentrated mainly in the ERGO Insurance Group, one of the leading insurance groups in Germany and Europe. ERGO is represented in over 30 countries worldwide and offers a comprehensive range of insurances, provision products and services. In 2015, ERGO posted premium income of €17.9bn. In international healthcare business, Munich Re pools its insurance and reinsurance operations, as well as related services, under the Munich Health brand. Munich Re’s global investments (excluding insurance-related investments) amounting to €215bn are managed by MEAG, which also makes its competence available to private and institutional investors outside the Group.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, you'll learn about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how Docke...
Enterprises have been using both Big Data and virtualization for years. Until recently, however, most enterprises have not combined the two. Big Data's demands for higher levels of performance, the ability to control quality-of-service (QoS), and the ability to adhere to SLAs have kept it on bare metal, apart from the modern data center cloud. With recent technology innovations, we've seen the advantages of bare metal erode to such a degree that the enhanced flexibility and reduced costs that ...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Governments around the world are adopting Safe Harbor privacy provisions to protect customer data from leaving sovereign territories. Increasingly, global companies are required to create new instances of their server clusters in multiple countries to keep abreast of these new Safe Harbor laws. Is it worth it? In his session at 19th Cloud Expo, Adam Rogers, Managing Director of Anexia, Inc., will discuss how to keep your data legal and still stay in business.
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and ...
In the 21st century, security on the Internet has become one of the most important issues. We hear more and more about cyber-attacks on the websites of large corporations, banks and even small businesses. When online we’re concerned not only for our own safety but also our privacy. We have to know that hackers usually start their preparation by investigating the private information of admins – the habits, interests, visited websites and so on. On the other hand, our own security is in danger bec...
Successful transition from traditional IT to cloud computing requires three key ingredients: an IT architecture that allows companies to extend their internal best practices to the cloud, a cost point that allows economies of scale, and automated processes that manage risk exposure and maintain regulatory compliance with industry regulations (FFIEC, PCI-DSS, HIPAA, FISMA). The unique combination of VMware, the IBM Cloud, and Cloud Raxak, a 2016 Gartner Cool Vendor in IT Automation, provides a co...
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
SYS-CON Events announced today that Niagara Networks will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...