Smart Home: Beware of Outdated Devices

Smart HomeIoT

Attackers often target old devices, particularly when they contain unpatched vulnerabilities and no longer receive security updates due to reaching end-of-life status.

Redamp.io | Smart Home: Beware of Old Devices

Every Device Will Become Obsolete One Day

Smart home (or IoT, Internet of Things) device eventually becomes obsolete, whether due to slow performance, the owner upgrading to a newer model, or lacking features compared to modern alternatives. At this point, the manufacturer moves on to newer models, marking the old device as End Of Life (EOL).

Manufacturers cease marketing, selling, and providing parts, services, or software updates for the product. While this can have various implications, the key concern is that security is no longer maintained, leaving the end user exposed to potential risks.

Most smart device manufacturers publish on their websites a list of devices that are out of support or at the end of their life cycle. We recommend that you check to see if your device model (such as a security camera) is on this list.

Old Devices as Easy Target

Once support ends, cybercriminals gain an advantage. Devices like security cameras, routers, smart vacuum cleaners and locks run on operating systems or firmware that, when outdated, stop receiving security updates. This creates vulnerabilities that can be exploited for hacking or other malicious activities.

Without regular updates or security patches, these old devices act as open doors for cybercriminals. Hackers can easily find weaknesses in them. These vulnerabilities allow attackers to break into your home network, steal personal information, or even take control of other devices.

Botnet Stories

Vulnerable devices are often hijacked and become part of a botnet — a network of "zombie" devices controlled by hackers to carry out malicious tasks. Botnets can cause a lot of damage. They are very resilient, and they could reemerge after a disruption, causing further incidents. Historically, the Mirai  and Emotet  botnets are notorious for this.

Another recent case is a botnet called Quad7 , which has been active since 2022 and attacks home routers of well-known brands that users do not update and are therefore vulnerable and easily attacked. At its peak, this botnet compromised up to 16,000 devices mainly in America, Russia and partly in Europe. Interestingly, the botnet is still in operation and attackers are actively evolving it to cover new vulnerabilities and devices.

Update? Update!

It’s estimated that there were now around 17 billion IoT devices worldwid  in 2023, ranging from printers to garage door openers, all running software which can be vulnerable to hacking.

Many users are used to downloading updates and patches for their computers and phones, though a significant number still neglects to do so. The issue is even more severe with IoT devices. For example, how many people actually take the time to update their garage-door opener? Most IoT devices lack an easy way to update their software, making it difficult to address security vulnerabilities, which poses a serious problem.

Redamp.io | Smart Home: Beware of Old Devices

What To Do With Outdated Smart Device?

If you have one or more devices on your network that you suspect may be End Of Life (EOL), here are some tips on what to do:

First, check if the device still receives updates. Sometimes a final update might patch critical vulnerabilities. If not, you have two options:

If you are not going to keep the device

If you plan to keep the device

Stay Informed!