Smart home hacking fears: What’s real and what’s hype

News of more than 120,000 Korean home cameras being hacked recently can shake your confidence in connected devices. Stories like that make you picture cybercriminals breaking into homes with high-tech gadgets and spying on families through smart cams. That reaction is natural. But most of these headlines leave out important context that can help you breathe a little easier.

First, smart home hacking is rare. Most incidents stem from weak passwords or from someone you already know, rather than from a stranger with advanced tools. Today's smart home brands push out updates to block intrusion attempts, including patches for new AI-related vulnerabilities that often make headlines.

Let's break down what actually puts a smart home at risk and what you can do to stay safe.

Many people imagine cybercriminals driving around neighborhoods with scanners that look for vulnerable devices. In reality, Wi-Fi ranges and technical limits make that nearly impossible. Even high-profile hacks of casinos and large companies do not translate to criminals trying to breach residential smart locks for petty theft.

Burglars still choose low-tech methods. They look for unlocked doors or easy entry points. They avoid complicated hacking tools because the payoff is too small to justify the work.

So how do smart homes get hacked? Here are the real attack paths and how they work.

Smart homes face a handful of digital threats, but most come from broad automated attacks rather than someone targeting your house.

Bots constantly scan the internet for weak passwords and outdated logins. These brute force attacks throw billions of guesses at connected accounts. When one works, the device becomes part of a botnet used for future attacks. That doesn't mean someone is targeting your home on purpose. Bots search for anything they can breach. A strong password stops them.

Some phishing emails impersonate smart home brands. Clicking a fake link or sharing login details can open the door for criminals to reach your network. Even a general phishing attack can expose your Wi-Fi info and lead to broader access.

Hackers often go after company servers, not individual homes. These breaches may expose account details or stored camera footage kept in the cloud. Criminals may sell that data to others who might try to use it. It rarely leads to direct smart home hacking, but it still puts your accounts at risk.

Early IoT devices had vulnerabilities that allowed criminals to intercept the data they sent and received. (IoT stands for Internet of Things and includes everyday connected gadgets like smart plugs, smart thermostats or Wi-Fi cameras.) Modern products now use stronger encryption, making these attacks extremely rare in the real world.

Bluetooth issues still pop up from time to time, but most modern smart home devices use stronger security than older models. When a new flaw is discovered, companies usually release fast patches, which is why it's important to keep your apps and gadgets updated. Today, these Bluetooth risks rarely lead to real smart home problems.

When hacking happens, it usually involves someone with some level of access already. In many cases, no technical hack occurs at all.

Exes, former roommates or relatives often know login info. They may try to spy or cause trouble. Update all passwords if you suspect this.

There have been cases where employees at security companies snooped through camera feeds. This isn't remote hacking. It's a misuse of internal access.

They steal account lists and login details to sell. Others may buy those lists and try to log in using exposed credentials.

Some send fake messages claiming they hacked your cameras and threaten you. Most of these scams rely on lies because they have no access at all.

Some banned foreign manufacturers pose surveillance risks. The FCC maintains a list of companies that cannot sell security tech in the U.S. Always check that list before buying unfamiliar brands.

Some everyday gadgets create small but real entry points for trouble, especially when their settings or security features get overlooked.

They often arrive with default passwords that owners forget to change. Older models may use outdated IoT protocols with weaker protections. Many do not get frequent security updates.

Wi-Fi offers convenience but also adds risk. Weak routers and poor passwords can allow strangers to access a feed. Closed network monitors avoid Wi-Fi risks but still face basic signal interception attempts.

During setup, some bulbs broadcast an open temporary network. If a criminal joins at the exact right moment, they could reach the rest of your devices. These cases are rare but possible in theory.

Voice ordering can be exploited by curious kids or guests. Set a purchase PIN so no one can order items with simple voice commands.

Strong habits and a few simple tools can block the most common threats that target connected homes.

Choose long, complex passwords for your Wi-Fi router and smart home apps. A password manager makes this simple: it securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

Add two-factor authentication (2FA) to every account that supports it. Brands like Ring and Blink already use it.

Removing your personal details from data broker sites helps prevent criminals from using leaked or scraped information to access your accounts or identify your home.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Strong antivirus protection blocks malware that could expose login details or give criminals a path into the devices that manage your smart home. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

Pick smart home products from companies that explain how they protect your data and use modern encryption to lock down your footage and account details. Look for brands that publish clear security policies, offer regular updates and show how they keep your information private.

Pick security cameras that let you save video directly to an SD card or a home hub, rather than uploading it to the cloud. This keeps your recordings under your control (and helps protect them if a company server is breached). Many cameras from trusted lines support local storage, so you do not have to rely on a company server.

Install firmware updates quickly. Enable automatic updates when possible. Replace older gadgets that no longer receive patches.

Your router is the front door to your smart home, so lock it down with a few simple tweaks. Use WPA3 encryption if your router supports it, rename the default network, and install firmware updates to patch security holes. For a full step-by-step guide on tightening your home network, check out our instructions in "How to set up a home network like a pro."

Smart homes feel intimidating when scary headlines surface. But when you look at real-world data, you see far fewer risks than the stories suggest. Most attacks rely on weak passwords, poor router settings or old devices. With the right habits, your smart home can stay both convenient and secure.

What smart home risk concerns you most, and what part of your setup makes you nervous? Let us know by writing to us at Cyberguy.com

Copyright 2025 CyberGuy.com.  All rights reserved.

Needle-free glucose checks move closer to reality

Managing diabetes already brings stress from medications and long-term health risks. Regular glucose checks only add to the weight. Most people test with finger pricks or wear a patch that needs a sensor under the skin. If you dislike needles, this part can feel like the hardest task of the day.

Researchers at MIT are working on a new option. They developed a device that shines near-infrared light on your skin and reads your blood sugar without breaking the surface. It works through Raman spectroscopy, a method that looks at how light scatters when it hits molecules in your tissue.

The current setup is about the size of a shoebox. You rest your arm on top for a 30-second scan. A small beam shines through a glass window onto your skin. The light returns with tiny shifts in wavelength that reveal what molecules are present.

Earlier Raman systems pulled in about 1,000 spectral bands with plenty of noise. The MIT team discovered that they only need three bands to calculate glucose levels. With fewer signals to process, the device becomes smaller, faster and more affordable. This boost also improves speed since the system no longer sorts through redundant data.

In a four-hour study, a volunteer drank two glucose drinks while researchers took readings every five minutes. The new scanner matched the accuracy of two commercial glucometers the participant wore. That result surprised the team since the device is still in early development.

After perfecting the shoebox version, MIT engineers built a prototype the size of a cellphone. That unit is now in clinical testing with healthy and prediabetic volunteers. A larger trial with people who have diabetes is expected next year.

The long-term goal is even more exciting. Researchers believe they can shrink the hardware to a watch size. They also want to confirm that the system reads accurately across many skin tones. If these steps succeed, a wrist-based glucose monitor could be possible.

This light-based method joins other ideas that try to move past needles. A recent chest strap used ECG signals to predict glucose levels. It looked promising, but it still needs time before it reaches consumers. Interest in noninvasive monitoring keeps growing since so many people want relief from the pain of repeated skin punctures or adhesive patches.

If you or someone you love manages diabetes, fewer needle sticks could change your routine. A quick scan may replace the stress of drawing blood or inserting a sensor. The accuracy seen in early testing shows that noninvasive tools are not a distant dream. They could help you catch swings in your levels faster and bring more comfort to a daily task that often feels overwhelming. 

A handheld or watch-sized glucose scanner would mark a major shift in diabetes care. MIT's work brings that future closer with a design that reads your chemistry through light. The next few clinical trials will show how well it performs in real conditions.

What feature would matter most to you in a needle-free glucose monitor? Let us know by writing to us at Cyberguy.com

Fake Windows update pushes malware in new ClickFix attack

Cybercriminals keep getting better at blending into the software you use every day. 

Over the past few years, we've seen phishing pages that copy banking portals, fake browser alerts that claim your device is infected and "human verification" screens that push you to run commands you should never touch. The latest twist comes from the ongoing ClickFix campaign.

Instead of asking you to prove you are human, attackers now disguise themselves as a Windows update. It looks convincing enough that you might follow the instructions without thinking, which is exactly what they want.

Researchers noticed that ClickFix has upgraded its old trick. The campaign used to rely on human verification pages, but now you get a full-screen Windows update screen that looks almost identical to the real thing. Joe Security showed how the page displays fake progress bars, familiar update messages and a prompt that tells you to complete a critical security update.

If you are on Windows, the site tells you to open the Run box, copy something from your clipboard and paste it in. That "something" is a command that silently downloads a malware dropper. The final payload is usually an infostealer, which steals passwords, cookies and other data from your machine.

The moment you paste the command, the infection chain begins. First, a file called mshta.exe reaches out to a remote server and grabs a script. To avoid detection, these URLs often use hex encoding for parts of the address and rotate their paths. The script then runs obfuscated PowerShell code filled with junk instructions to throw researchers off. Once PowerShell does its work, it decrypts a hidden .NET assembly that functions as the loader.

The loader hides its next stage inside what looks like a regular PNG file. ClickFix uses custom steganography, which is a technique that hides secret data inside normal-looking content. In this case, the malware sits inside the image's pixel data. The attackers tweak color values in certain pixels, especially in the red channel, to embed pieces of shellcode. When you view the image, everything appears normal.

The script knows exactly where the hidden data sits. It extracts the pixel values, decrypts them and rebuilds the malware directly in memory. That means nothing obvious is written to disk. Security tools that rely on file scanning miss it, since the shellcode never appears as a standalone file.

Once rebuilt, the shellcode is injected into a trusted Windows process like explorer.exe. The attack uses familiar in-memory techniques such as VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. Recent ClickFix activity has delivered infostealers like LummaC2 and updated versions of Rhadamanthys. These tools are built to harvest credentials and send them back to the attacker with very little noise.
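
Here is how the chain described above looks from the defender's side, as an added example that is not from the original article or the researchers it cites: a small Python triage pass over constructed Sysmon-style events (process creation and CreateRemoteThread). The sample events, the rule names and the reading of "hex encoding" as a hex-written IP octet are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed Sysmon-style events (not real telemetry): id 1 = process
# creation, id 8 = CreateRemoteThread. Hosts use documentation IP ranges.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe http://203.0x00.113.10/a1b2/update"},
    {"id": 1, "Image": PS, "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -NoProfile -Command <constructed placeholder>"},
    {"id": 8, "SourceImage": PS, "TargetImage": r"C:\Windows\explorer.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Vendor\app.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Assumption: "hex encoding for parts of the address" is read here as an
# IP octet written in hex (0x..) inside the URL host.
HEX_OCTET_RE = re.compile(r"(^|\.)0x[0-9a-f]+(\.|$)", re.IGNORECASE)
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe"}

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def host_of(url):
    try:
        return urlsplit(url).hostname or ""
    except ValueError:  # malformed URL in a command line
        return ""

def findings(event):
    """Return the rule names (hypothetical labels) that one event triggers."""
    out = []
    if event["id"] == 1:
        image, parent = base(event["Image"]), base(event["ParentImage"])
        urls = URL_RE.findall(event["CommandLine"])
        if image == "mshta.exe" and urls:
            out.append("mshta-remote-url")
            if parent == "explorer.exe":  # what a Run-box launch looks like
                out.append("parent-explorer")
            if any(HEX_OCTET_RE.search(host_of(u)) for u in urls):
                out.append("hex-encoded-host")
        if image == "powershell.exe" and parent == "mshta.exe":
            out.append("powershell-child-of-mshta")
    elif event["id"] == 8:
        if (base(event["SourceImage"]) in SCRIPT_HOSTS
                and base(event["TargetImage"]) == "explorer.exe"):
            out.append("remote-thread-into-explorer")
    return out

def triage(events):
    """Indexes and rule hits for every event that matched something."""
    return [(i, hits) for i, e in enumerate(events) if (hits := findings(e))]

if __name__ == "__main__":
    for index, hits in triage(EVENTS):
        print(index, ", ".join(hits))
```

The last constructed event, mshta.exe opening a local help file for an installed application, triggers nothing, which is the distinction that matters: the signal is the remote URL and the parent process, not mshta.exe on its own.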

The best way to stay protected is to slow down for a moment and follow a few steps that cut off these attacks before they start.

If any site tells you to paste a command into Run, PowerShell or Terminal, treat it as an immediate warning sign. Real operating system updates never require you to run commands from a webpage. When you run that command, you hand full control to the attacker. If something feels off, close the page and don't interact further.

Updates should only come from the Windows Settings app or through official system notifications. A browser tab or pop-up pretending to be a Windows update is always fake. If you see anything outside the normal update flow asking for your action, ignore it and check the real Windows Update page yourself.

Choose a security suite that can detect both file-based and in-memory threats. Stealthy attacks like ClickFix avoid leaving obvious files for scanners to pick up. Tools with behavioral detection, sandboxing and script monitoring give you a much better chance of spotting unusual activity early.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

Password managers create strong, unique passwords for every account you use. They also autofill only on legitimate websites, which helps you catch fake login pages. If a manager refuses to fill out your credentials, take a second look at the URL before entering anything manually.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

Many attacks start by targeting emails and personal details already exposed online. Data removal services help shrink your digital footprint by requesting takedowns from data broker sites that collect and sell your information. They can't erase everything, but reducing your exposure means fewer attackers have easy access to your details.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

A convincing layout doesn't mean it is legitimate. Always look at the domain name first. If it doesn't match the official site or uses odd spelling or extra characters, close it. Attackers rely on the fact that people recognize a page's design but ignore the address bar.

Fake update pages often run in full-screen mode to hide the browser interface and make the page look like part of your computer. If a site suddenly goes full screen without your permission, exit with Esc or Alt+Tab. Once you're out, scan your system and don't return to that page.

ClickFix works because it leans on user interaction. Nothing happens unless you follow the instructions on the screen. That makes the fake Windows update page especially dangerous, because it taps into something most people trust. If you are used to Windows updates freezing your screen, you may not question a prompt that appears during the process. Cybercriminals know this. They copy trusted interfaces to lower your guard and then rely on you to run the final command. The technical tricks that follow are complex, but the starting point is simple. They need you to help them.

Do you ever copy commands from a website without thinking twice about what they do? Let us know by writing to us at Cyberguy.com.
