Why your smart thermostat could threaten your savings

Keytrade Bank

keytradebank.be

We fill our homes with smart devices that make our lives easier. But what we sometimes fail to see is that every device is a potential gateway to our home network. This network contains everything that criminals find interesting.

The average household in Europe has approximately 17 devices connected to the internet (source). From smart lamps to security cameras, from fitness trackers to smart washing machines, they are often all connected to the same network as the laptop or smartphone you use to manage your banking.

The problem: most of these devices are designed with convenience as a top priority, not security. And that makes them ideal gateways for cybercriminals who don't want to hack your doorbell, but your bank account.

1. The weakest device determines your security

Imagine having a well-secured laptop with strong passwords and two-step authentication. But your smart thermostat still uses the default password “admin123”. For a hacker, it's like a house with a reinforced front door but a wide-open kitchen window.

The phenomenon is called lateral movement. Criminals gain access through the least secure device on your network and then navigate laterally to more valuable targets. That smart lamp in your hallway? If hacked, an attacker can scan your entire network from that point, search for vulnerabilities, and ultimately gain access to the devices you use for banking.

Some 820,000 attacks on smart devices are launched worldwide every day (source). In many of the successful attacks, we don't notice anything because the attackers remain silently present, waiting for the right time to strike. That moment often comes when we carry out a financial transaction.

What makes this so insidious is that modern attackers are patient. They don’t install viruses that cause your computer to crash. They observe, record keystrokes, intercept data, and wait until you log in to your investment platform or use your credit card to make an online purchase.

2. Default passwords: the open invitation

When you set up a new smart device, you are often prompted to download an app, connect the device to Wi-Fi, and that's it. Many people never change the default password. Why should you? It works, doesn't it?

This is the crux of the problem: manufacturers frequently use the same default passwords across entire product ranges. Criminals know these passwords: there are online databases containing thousands of default login details for popular brands. All it takes is an automated scan of your neighbourhood that tests a few default combinations, and they will gain access within minutes.

A well-known example was the 2016 Mirai botnet, which infected hundreds of thousands of smart devices simply by trying out default passwords. These devices were then used for large-scale cyberattacks.

What do you do then? For every new device: change the default password immediately. Use a unique, strong password that you don't use anywhere else. Enable two-step authentication if the device supports it. But what if a device doesn't allow you to change the password? Seriously consider whether you want to use this device.

3. Outdated software: the invisible vulnerability

When was the last time you updated your smart doorbell's firmware? Or your Wi-Fi printer’s?

Smart device software may contain vulnerabilities. It’s almost inevitable. The difference between a secure device and an unsecure one lies in how quickly those vulnerabilities are closed. Good manufacturers regularly release updates. But if you don't install those updates, your device will remain vulnerable.

The problem is exacerbated by the fact that many manufacturers stop supporting their devices after a few years. Your five-year-old smart speaker will no longer receive updates, but still works perfectly. Except that the digital door can be wide open to anyone who knows the now well-known vulnerabilities.

Criminals actively scan for devices with outdated software. They use automated tools that scan thousands of devices per hour for known vulnerabilities. If your router, camera, or thermostat hasn't been updated recently, it will stand out immediately.

An additional risk is that while many devices update automatically, some still require manual approval. If you ignore or delay that notification, you remain vulnerable. So make a habit of checking all connected devices for available updates on a monthly basis. Turn on automatic updates where possible – and replace devices that no longer receive updates.

4. The smart camera that spies on you

A stranger who can not only watch via the baby monitor, but also talk through the speaker? Frightening, but not uncommon (source). Security cameras, video doorbells and baby monitors: they’re compromised every day.

Often you won't notice anything. The camera is functioning normally; it's just that someone else is watching too. Criminals use hacked cameras not only to spy but also to analyse your behaviour. When are you at home? When are you at your computer? They use this information to choose the perfect time for an attack or even a break-in.

But there is a more insidious risk: many of these cameras are connected to apps that access other features of your smartphone. If a criminal hacks your camera and then gains access to the app, they may also be able to access your photos, contacts, or location data.

An additional problem is that images from hacked cameras are sometimes resold. There are online platforms where access to private cameras is traded. Your home becomes a source of entertainment or, worse yet, a target for specific criminal activities.

The answer: Choose cameras from reputable brands with a good security history. Enable all available security features, such as encryption and two-step authentication. Put a sticker over the lens of cameras you are temporarily not using: simple but effective.

5. The invisible network within your network

Many modern smart devices communicate with each other without you realising it. Your smart speaker turns on the light, your thermostat adjusts itself based on your calendar in the cloud, your doorbell sends a notification to your phone. All useful automations, but also additional connections that can be hacked.

These devices often use protocols such as Zigbee, Z-Wave or Bluetooth for communication. These protocols are convenient because they consume little energy, but they are often less secure than your Wi-Fi network. A criminal doesn't even have to invade your Wi-Fi - they can connect directly to devices using these alternative protocols.

Let’s say your smart door lock communicates via Bluetooth. If an attacker comes within range (sometimes up to 100 metres with the right equipment), they can attempt to gain access. If they succeed, they will not only open your door but may also gain access to the network your lock uses.

What do you do then? Turn off functions you don't use. If your smart TV has a microphone but you are not using voice control, turn that microphone off. Where possible, use a separate guest network for smart devices to keep them distinct from the devices you use for banking. And review the privacy settings of each device; you can often limit or disable certain communications.

6. The cloud where all your data comes together

Most smart devices do not operate autonomously. They transmit data to the cloud: your thermostat sends temperature readings, your doorbell stores video footage, and your fitness tracker uploads health information. All this information comes together on manufacturers’ servers.

When such a cloud service is hacked, not only is your data compromised, but access codes to your home network too. In 2021, databases belonging to several major manufacturers were leaked, containing millions of account details, Wi-Fi passwords, and network configurations (source). Criminals use this information for targeted attacks. They know what devices you have, how your network is configured, and often even have your login details.

For each smart device, check: where is your data stored? How long is it stored for? Who can access it? Many manufacturers sell data to third parties or use it for targeted ads. Read privacy terms, no matter how boring. Use a unique password for each device so that a data breach won’t compromise all your accounts.

7. The illusion of convenience over security

The appeal of smart devices is undeniable. Who doesn't want to turn up the heating at the touch of a button or check from abroad that the children have arrived home safely? But convenience comes at a cost, and that cost is often your digital security.

Many manufacturers deliberately choose ease of use over security: easy installation, no complicated configurations, plug-and-play, etc. But that simplicity often also means minimal security, default passwords, and automatic connections without confirmation.

The risk is compounded by the fact that many people have dozens of smart devices but don’t have a complete overview of them. Therefore, make an inventory. Which devices are connected to your network? For each device, ask yourself: is it necessary? Is it still being used? Is the security up to date? Can it be disconnected or replaced by a non-smart version?
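
One way to run the inventory described above, together with the network separation recommended in section 5, as an added example that is not part of the original article. It assumes your router can export its DHCP lease table in dnsmasq's lease-file layout; the sample leases, the inventory and the address range are constructed.

```python
import ipaddress

# Constructed sample data (not from the article): DHCP leases in dnsmasq's
# lease-file layout "<expiry> <mac> <ip> <hostname> <client-id>".
LEASES = """\
1767225600 aa:bb:cc:00:00:01 192.168.1.10 laptop 01:aa:bb:cc:00:00:01
1767225600 aa:bb:cc:00:00:02 192.168.50.21 thermostat *
1767225600 aa:bb:cc:00:00:03 192.168.1.33 hallway-lamp *
1767225600 aa:bb:cc:00:00:04 192.168.50.40 * *
"""

# Hypothetical household inventory: MAC -> (name, kind); "iot" = smart device.
INVENTORY = {
    "aa:bb:cc:00:00:01": ("laptop", "trusted"),
    "aa:bb:cc:00:00:02": ("thermostat", "iot"),
    "aa:bb:cc:00:00:03": ("hallway-lamp", "iot"),
}

# Assumed addressing plan: the main network carries the banking devices,
# everything else (here 192.168.50.0/24) is the separate guest network.
MAIN_NET = ipaddress.ip_network("192.168.1.0/24")

def parse_leases(text):
    """Yield (mac, ip, hostname) for each well-formed lease line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        try:
            ip = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # skip lines with a malformed address
        yield fields[1].lower(), ip, fields[3]

def audit(leases_text, inventory):
    """Return sorted findings: unknown devices and misplaced smart devices."""
    findings = []
    for mac, ip, _hostname in parse_leases(leases_text):
        if mac not in inventory:
            findings.append((mac, str(ip), "unknown device, not in inventory"))
            continue
        name, kind = inventory[mac]
        if kind == "iot" and ip in MAIN_NET:
            findings.append((mac, str(ip), f"{name}: smart device on main network"))
    return sorted(findings)

if __name__ == "__main__":
    for mac, ip, issue in audit(LEASES, INVENTORY):
        print(f"{mac}  {ip:<15} {issue}")
```

Each finding maps to one of the article's questions: an unknown device is one you have not yet asked "is it necessary?" about, and a smart device on the main network shares a segment with the devices you use for banking.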

Victim of a hacker?

Take action as soon as you can:

This article does not contain any investment advice or recommendation, nor a financial analysis. Nothing in this article may be construed as information with a contractual value of any sort whatsoever. This article is intended for information only and does not constitute in any way a commercialization of financial products. Keytrade Bank cannot be held liable for any decision made based on the information contained in this article, nor for its use by third parties. Every investment entails risks such as a possible loss of capital. Before investing in financial instruments, please inform yourself properly and read carefully the document "Overview of the principal characteristics and risks of financial instruments" that you can find in the Document centre.
