How important is it to secure your smart home devices and stop those who would wish you harm causing unnecessary problems? Well, the answer is probably more than you might at first think. The Internet of Things (IoT) has fundamentally changed the tech landscape to such an extent that the use of smart home appliances is now widespread. It’s currently estimated that 40 per cent of American households use some form of smart technology, and the market is only set to grow further; by 2020 it’s forecasted that the American market alone will be worth $21.6 billion.
Smart TVs, intelligent bathroom fixtures, connected fridges, home alarms, home security cameras and baby monitors are fantastic and supremely useful in today’s interconnected world. They can undoubtedly make life that much easier, but they are none the less fallible. Why’s that you may wonder? Well, the answer’s simple: their functionality is dependent on apps and web portals, and that potentially makes them vulnerable to hackers. So, the question we should all be asking ourselves is how can we enjoy the benefits of smart technology without leaving ourselves vulnerable to attack?
Before we can even discuss how to prevent smart home hacks, it’s necessary to get a better and more thorough understanding about what we actually mean by smart devices? It might seem counter-intuitive to say this, but just because a device is referred to as smart doesn’t mean it’s intelligent – whether that’s real or artificial intelligence. These state-of-the-art devices are referred to as smart because they are able to connect to your local network either through WiFi or sometimes Bluetooth and can be controlled remotely, often through some sort of app or web-based gateway.
When you think about the convenience of living in a home where you can access lights, heating, the washing machine or the garage door from a centralized point through devices like Amazon Echo or Google Home hubs, it’s hardly surprising that they have been embraced by homeowners. Unfortunately, there is a flipside/downside to having this this convenience on hand. There is currently a price to pay for this convenience. Simply by being connected, IoT devices are vulnerable and are wide open to security risks and hacking. If you think about a smart device as a tint computer which you can access and control remotely; it doesn’t take a great stretch of the imagination to appreciate that if you can do this, someone else can too.
What threats to smart devices face?
Where do you start? Threats can potentially come from anywhere and everywhere. We’re all used to hacking nowadays: we hear about it all the time and appreciate that even multi-national businesses with massive security budgets are not even safe. Yet even though we’re aware of the threat, most of us don’t necessarily appreciate the true scale and potential of the threat. Research has shown that if an attacker can hack into a single device in a smart home, they are often able to then access an entire home network. What might start of as a simple hack of an unprotected security camera could potentially end up with personal data being stolen from your computer.
If you’re looking for other examples of how vulnerable smart devices are to hackers, then look no further than the Nest security system. A bug was discovered not that long ago in the Nest security system. That bug allowed a hacker to turn cameras on and off. There have also been examples in the news where Bluetooth-enabled children’s toys have been hacked and used for surveillance purposes. It might sound like something from science fiction film or an espionage movie, but it’s real and it’s potentially very worrying.
What are the main threats to smart devices?
Most smart devices run limited operating systems and should, therefore, be unlikely to be affected by most of today’s threats. However, that is not to say that they are invulnerable: they can still fall prey to botnets, authentication and data privacy threats. IoT devices often have limited capabilities and are generally not particularly effective in terms of security. Their vulnerability leaves them open to hacking and they could potentially be used as a gateway to access to other networked devices such as computers.
Botnets and DDOS attacks
The greatest security risk from IoT devices is not necessarily to us and our devices. In fact, the greatest risk is that our smart devices our become part of botnet attacks to others.
A botnet is a group of numerous devices under the control of a hacker. They can be used to virtually bombard a website with so many requests that it will stop working. Similar distributed denial-of-service, or DDOS, attacks can also target service providers and cause service disruptions. How serious is the threat from botnets? Well, the Mirai botnet attack brought down a large part of the American Internet back in 2016 – that’s how serious. It’s estimated that DDOS attacks have risen by over 90 per cent in the last 18 months, and that growth has been largely attributed to the growing number of breaches of smart home devices. A recent infection of the same Mirai malware was found to have infected over 100,000 smart devices over the course of a few days.
Securing your smart devices
Most of us can easily spot when our computers or smartphones have been hacked or breached. We’ve got used to it over the last few years and are resigned to the threat. The problem is the ability to recognise and identify a compromised smart home device is a lot more difficult. Phones and computers have all sorts of protections, firewalls and alerting systems which will often block unknown access attempts or at least send out a notification that a threat is likely. Connected home appliances don’t: they are just appliances that are online and programmed to respond to specific events.
What can be done to improve security?
There are several things you can do to improve the security of your smart devices. Some of them may be obvious, and you might already be doing them. The important thing is to make sure you are taking as many precautions as possible to lock down your security.
1 – Change the default password of all smart devices
In terms of precautions, this really is the most basic precaution you can take. The five most popular passwords – and these include common default passwords for several brands – can access one in 10 smart home devices. Shockingly, as many as 15 per cent of smart device owners never change default passwords. Granted, an unwieldy interface can make changing default passwords troublesome and inconvenient, but it’s worth the extra hassle if it can protect your smart device.
How do you choose a strong alternative default password? Well, choose a password with a minimum length of 15 characters, and include numerals, punctuation and capital letters. Use a non-dictionary word, and avoid simple substitutions, such as “3” for “e.”
2 – Choose smart devices with automatic software updates
Most people are aware of the fact that out-of-date software could contain bugs that allow intruders to gain access to devices. Hackers certainly are. By opting in to automatic software updates you’ll ensure that your devices are protected as quickly as possible and that they always run the latest and safest software. In ideal circumstances it probably pays to steer a wide berth around connected devices that require manual updates. There’s a very strong chance that these will quickly become outdated and therefore be vulnerable.
3 – Choose well-known brands
Why choose a well-known brand name when purchasing smart devices? Well, it’s not that equipment from larger, well-known companies will inherently be more secure. However, what they will generally be is more responsive to hacking reports and bugs, and do a better job of protecting their customers. While state-of-the-art innovative device from a new start-up might be exciting, you can never guarantee that the start-up will last, so you run the risk of seeing the manufacturer disappear leaving you and your device vulnerable. The perfect example of this is Otto, the smart door lock manufacturer. It marketed, what on the face of it, was an innovative $700 smart door lock. Unfortunately, four months later it shut down, leaving its customers with an internet-connected lock that would receive no further software updates.
4 – Don’t use sensitive user accounts on smart devices
We all love simplicity, and will do anything to make our lives that little bit easier. But beware: simple doesn’t always equal secure. Logging into your smart TV with your Facebook credentials might appear practical, yet it could be risky if that smart TV has a software vulnerability which allows attackers to access its login. A smart plug from Edimax infamously requested users’ personal email addresses and passwords in the setup process, putting this information at risk in the event of a hack.
A word of warning: never add confidential information to a smart device unless you can be absolutely positive that it is secure. Naturally, some devices might not give you that choice: Amazon’s Fire TV stick will have your Amazon, Gmail and credit card information. But, you can take some reassurance from the fact that a big business like Amazon is generally one you can trust with your information. What’s more, if you also secure your home network you can make it harder for someone outside to access your device. (see more later)
5 – Choose your smart devices wisely
Don’t let buying smart devices become a habit. As tempting as it might sound to buy countless pieces of smart kit to make your life easier, satisfy yourself with just buying the pieces of smart technology you really need. You might not get to brag about your latest smart wall light purchase, but so what? If your home is secure, you’re still a winner. The other thing to remember is just because one of your appliances has smart technology capability, there’s no need to connect it to the IoT if other smart devices can also do the job just as effectively. If you have a smart TV and a modern Xbox or PlayStation game console, there’s no need to connect your TV to the internet: you can just as easily watch Netflix or other subscription services on your games console.
6 – Secure your home network connection
Always, and this is important, change your internet router password. Even if the password seems to be a random string of characters, it still needs to be changed. You must also make sure your WiFi network is using an encrypted WPA2-PSK connection.
7 – Use a VPN for the best security and privacy
A Virtual Private Network, or VPN, is one of the best tools you can use to increase online security and privacy. A VPN works by encrypting all data in and out of the protected device using strong encryption, and that makes it impossible to crack. Once the data is encrypted, it is sent to a remote VPN server through a secure virtual tunnel– hence their name.
When you use a VPN, anyone intercepting your data won’t be able to make any sense of it and will have no clue what the data is and where it is going. A VPN will also make your devices harder to hack externally as the client will often only allow incoming data from the VPN server. And if you want to protect your whole house network, a VPN can be set up on your Internet router, thereby protecting each and every device.
There are a multitude of VPN providers offering services with similar features. That makes choosing an appropriate one for your needs pretty difficult. Ideally what you should be looking for is a fast speed connection, as this will ensure your high-bandwidth applications run smoothly, and a strict no-logging policy which will further protect your privacy: no usage restrictions will let your devices and systems access any content at full speed and software that can be installed on a router will let you protect your whole home.