The second kind of virus attack to know about is a man-in-the-middle (MITM) attack, where a hacker intercepts communications between a device and the web—in this case, the bad actor needs to be either on your wifi network or to be able to trick you into installing a dangerous app. “The vast majority of IoT devices are simply underpowered computers running Linux, so yes, smart devices can absolutely run malicious payloads built for IoT,” Iliushin told Gizmodo over email. “IoT attackers could even run a man-in-the-middle attack in which they sit on the router, listen to all outgoing traffic, and sniff out sensitive information, like passwords.
That’s more difficult to do with smart home devices and less likely to happen, but it does then give an attacker who deploys the virus the chance to control Internet of Things (IoT) devices for their own ends. “There are various threats, such as the Mirai worm, that are designed for IoT devices that can compromise many different devices, from routers to connected cameras,” Wueest told Gizmodo via email. “Even Android malware designed to infect smartphones can compromise smart TVs if they run the Android operating system.
As long as you’re not installing dodgy apps, and the TV software isn’t leaving itself exposed to the web at large, you should be (mostly) safe from those kinds of attacks. “There have only been a handful of malware infections on smart TVs yet,” says Wueest. “Compared to using a computer, the user does not install that many new application or open emails with suspicious attachments, therefore the attack vector is mainly exposed services reachable from the Internet.
Think twice before running sketchy software from a developer you don’t know—or indeed installing sketchy smart home hardware from manufacturers you’ve never heard of. “Device manufacturers carry the onus of protecting their users by building strong privacy and security postures into the product design in the first place,” says Iliushin. “Our research has found that 90 percent of the world’s devices are made by the same 100 vendors, so those companies should be held responsible for the safety of their customers.
Attacks like the ones we’ve described generally rely on one of four access methods, which aren’t too difficult to guard against: Malware needs either a poorly secured IoT device, access to your home wifi network, physical access to your IoT devices, or a way to trick you into installing software on your smart home gadgets.
Both these exploits have since been patched against, but you can see what’s possible. “While quite possible in theory, we haven’t seen malware specifically designed to attack smart speakers,” says Iliushin. “Such devices can easily be exploited or tricked into playing audio files, but we have yet to see something more sophisticated.
Keeping your smart home devices safe from malware isn’t really a question of running antivirus scans on all of them—it’s more about making sure they’re securely configured from the beginning, and that the gateway to your home (your router) is properly locked down against remote attacks.
What’s more, they often connect to the web via a smart hub, adding another layer of complexity and another hurdle for any potential virus to overcome. “More exotic devices, such as smart microwaves or smart kettles, typically face accidental attacks rather than specifically targeted ones,” says Wueest. “Malware threats actively going after these devices are not yet that common.
The Mirai worm that came to prominence in 2016 is a classic example of an IoT virus: It exploited default, unchanged security settings on smart home gadgets to build up a botnet that’s then able to crash websites and servers with a distributed denial-of-service (DDoS) attack.