Table of contents:
- Living in a Smart Home
- Smart Home: Threats and Countermeasures
- Several Precautions that can Help Safeguard Your Devices
- Steps to Take if Your Smart Home Network is Hacked
Do you know the dangers of smart home technology? Are your devices vulnerable to attacks by hackers? Smart homes use internet-connected devices, such as smart light bulbs and smart locks, that can autonomously flick on your lights, open doors.
But all this convenience and connectivity come at a price. The dangers of smart home technology are real. Namely, smart-home devices are prone to a plethora of security vulnerabilities that can put your data or property at risk if you’re not careful. Ahead are the scariest threats posed by your smart-home devices—and how to mitigate them.
Living in a Smart Home
Newly built smart homes, for the most part, incorporate modern building techniques that can take advantage of automation technologies. The idea is to give homeowners more control over their smart homes and their everyday living environment and personal lifestyle. If a home was not built with automation as a key design it can be retrofitted during a major renovation. Smart homes offer the following advantages over conventional homes.
The biggest reason consumers build and purchase a smart home is convenience. Systems like music and multimedia devices, intercoms, environmental control systems, and security installations can be remotely controlled and automated. Most modern devices can be integrated into a good smart home design. Daily tasks can be streamlined using smart home technologies. The ability to control all devices and systems from a central location like a cellphone, or a tablet, is a big convenience. Smart homes are all about convenience.
Advanced security systems with motion sensors, cameras, automated lighting functionality, and typically some type of connection to local law enforcement, are always a part of a well-designed smart home. There are many types of security systems that can be used in smart homes, including DIY systems and professionally installed systems. These systems include a variety of Internet of Things (IoT) devices. Setup can be very flexible depending on the needs and specific application.
The ability to access features of a smart home remotely and the ability to automate many tasks is of great benefit to senior and disabled residents. Labor-intensive tasks like watering the lawn and vacuuming can be automated or accomplished through on-demand controls. The dangers of smart home technology must be considered planning for and designing a smart home environment.
Energy and Resource Efficiency
A smart home has the ability to sense when a living area is not being used and can adjust lighting and environmental systems accordingly. Smart homes by design use energy-efficient appliances and when used in conjunction with other features of the home results in the reduction of resource utilization. Automation allows for the optimal use of heating and cooling systems.
Home Resale Value
The many features available in smart home design become a strong selling point when it is time to sell the home. Not only are home automation systems a good investment that increases property value, but they also can attract more buyer interest in a competitive market.
If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more.
An Overlooked Advantage
There’s another advantage to smart homes. The overlooked advantage is how smart home technology will develop in the coming years. Consumer interest generated by smart home technology means the world’s biggest tech companies and innovators have entered the market. That means better smart home technologies are constantly being developed.
Smart Home: Threats and Countermeasures
According to Rambus, a premier silicon intellectual property and chip provider, an estimated 80% of the Internet of Things (IoT) devices are vulnerable to one of many attack scenarios. These devices, for the most part, present very little security risk when used as stand-alone devices and not connected to the internet.
However, once connected, these stand-alone devices introduce numerous cybersecurity risks. These devices include lights, appliances, cameras, microphones, and entry locks. Other types of devices can range from automatic pet feeders to garage door openers. All these smart devices add to the danger of smart home technologies.
How Many Smart Home Products are Vulnerable to Hackers?
The answer is all of them! Cybersecurity professionals like myself are constantly trying to drive this point home to consumers. Smart home systems are made of a group of Internet of Things (IoT) devices. Remember the “I” in IoT stands for the Internet. Anything connected to the “I” can be vulnerable to hacker exploitation.
Smart devices can include televisions, cameras, entry locks, cat litter boxes, dog feeders, lightbulbs, garage door openers, refrigerators, and the list goes on. All these devices function in their traditional manners but are also a network of computers. They actually are as vulnerable as the network itself is. The devices often had sensors that are continuously collecting data.
The network itself can also be vulnerable due to the poor security features of these devices. This could allow malicious actors to gain access to your home network, and essentially, to your home. It’s scary, and diligent security practices must be utilized by users to maintain a secure posture.
Connected smart devices and appliances can be hacked into just like websites and computers can. A well designed smart home network will incorporate an enterprise-level network router with a reliable firewall activated.
Dr. Zahid Anwar of Fontbonne University provides an overview of which smart devices are most at risk and why.
Most vulnerable: Outdoor devices with embedded computers that support little or no security protocols. For example, garage door openers, wireless doorbells, and smart sprinklers are all examples of devices that may be easily accessible to someone driving down the street with a computer or other Wi-Fi transmitter.
Second most vulnerable: “Inside-the-home devices that can be controlled through an app from a smartphone or PC such as smart bulbs, smart switches, security cameras, baby monitors, smart door locks, smart thermostats, and personal home assistants,” says Dr. Anwar. “These devices rely on weak security tokens and maybe hacked due to weaknesses in the communication protocols used, configuration settings, or vulnerable entry-points left open by the vendor for maintenance.”
Less likely to be attacked: Home appliances like refrigerators, ovens, and automatic pet feeders are the least likely to be attacked, but it can happen.
Why Would Someone Hack a Doggie Feeder?
Is it the intention of the hacker to overfeed your doggie and make the poor thing fat? Probably not. Although amusing, not much of a rewarding experience. Hackers are typically looking for something of value like passwords or banking information. There’s a good chance that users of a smart doggie feeder will not change default passwords or take other precautions in securing the device.
READ MORE: How to Create Complex and Unique Passwords
So…, it becomes the path of least resistance to gain access to the network. Once they “Own” the feeder they can perform lateral attacks to compromise control mechanisms and gain access to more precious targets. At that point, they may be able to turn off security cameras or alarm systems. They can quite possibly gain full access from hacking a doggie feeder. A compromised and insecure home network, therefore, opens the door to burglary, identity theft, privacy violations, and scarier stuff.
The exact rate of security breaches is unknown. Manufacturers don’t disseminate this information and it doesn’t fall under the purview of any one particular regulatory body. What we do know is that anecdotal evidence is mounting.
The FBI warned parents about the risks of connected toys, an Internet-connected fish tank helped hackers steal data from a Las Vegas casino, and there are even free live streams of hacked security cameras broadcasting for free on the web and smartphone apps. We also know that there is no shortage of sophisticated scammers and identity thieves and that they continually refine their methods alongside changing culture and technology.
Many manufacturers are making devices that are easy to access without requiring authorization and authentication. As long back as 2015, there have been incidents of baby monitors being exploited by hackers. One such instance occurred in Lacey, Washington in 2015.
As reported by KIRO7 news the son of a couple stated that their son had been telling them for months that the ‘telephone’ was telling him to stay in bed. The monitor had been hacked. Reputable manufacturers design security into their products ensuring there are no known vulnerabilities. An example of a company using secure design practices can be realized in the Motorola MBP36XL baby monitor (as shown above).
Several Precautions that can Help Safeguard Your Devices
Many homeowners don’t want to go through the hassle of advanced electronics configurations. To simplify things I’ve compiled the easiest-to-follow tech tips that dramatically lower your smart devices’ susceptibility to hackers.
Always Purchase Devices From a Reputable Dealer. By the end of 2020, there will be 44.7 million smart households in the U.S. alone. With these vast numbers comes horror stories about hacked baby monitors and surveillance cameras’. Smart home devices are intended to provide a sense of security and comfort, but is it possible to use them without risks? The key is to mitigate as much of the risk as possible.
Weigh the vulnerabilities vs. the benefits. Keep in mind that there is no such thing as a 100% secure IT infrastructure. Your smart home network is it’s own small IT infrastructure. When designing and implementing a smart home network it is necessary to weigh the importance of each component to your lifestyle versus the risk of utilizing it.
Plan for a secure Wi-Fi network. The main focal point, to begin with, should the gateway to the Internet and the Wi-Fi features. A quality router like the TP-Link AC2800 has security features that when properly set up will secure your connection with the Internet and help protect your IoT devices.
The first thing to do is change the network name on the router using a non-descript name, and change the default password to a strong password using a combination of alpha-numeric and special characters.
Create segregated networks. It’s also a good idea to create a separate network for your smart home network than the one you use for personal devices like tablets and VOIP phones. The concept is to segregate your smart home network from the network you use for banking and other internet duties. Another segregated network should be available for guests to use when visiting your home.
Put an emphasis on strong password policies. Most IoT devices use the old-fashion password scheme, so it is important to always use strong passwords on every device. The first thing to do with any new device is to change the default password. A password manager like LastPass or Dashlane can help you remember them all more conveniently. Dashlane also has a useful feature that can be used to generate super secure passwords.
Register all devices with the manufacturer and keep the firmware up to date. Manufacturers push out software updates that address found vulnerabilities. When installing apps that are associated with new devices never allow any permissions that are not absolutely necessary.
When in doubt, use a professional for design and installation. There is a lot to know about networks, devices, and related applications in order to keep them secure in a smart home infrastructure. During installation, a professional can answer any security-related questions you may have about any devices and technologies you are using.
Deactivate or unplug devices that are not in use. If you leave town consider which of the devices do not need to be connected on the network. Disconnected devices are inaccessible to hackers.
Rest factory defaults before disposing of or giving away a device. On occasion, you will replace or eliminate a device on your network. Always completely clear all data on a device by reset to factory defaults. Data left on a device may be used to infiltrate your network or disrupt your privacy.
Steps to Take if Your Smart Home Network is Hacked
Photo by Nahel Abdul Hadi
There are Steps You can Take To Stop an Intruder
Stay Calm, Don’t Panic. Being the victim of a hacker is a scary feeling, along with the idea of your kingdom being violated. The good news is that you were alert enough to know you were hacked.
Most times when home networks get hacked the owner of the network has no idea they were hacked, and the abuse, whether being part of a botnet or having camera footage exploited, continues to happen. At least if you know about it, you can do something about it.
Reboot or Reset Devices. Follow manufacturers’ instructions for rebooting and/or resetting devices that are affected. This may not get the intruder off your network, but it’s simple to and is a good first step effort.
Upgrade Your Router. If your router is more than a few years old it is possible the manufacturer is not aggressively pushing out security updates. It is also possible that selective vulnerabilities do not have a fix.
Reset Security Settings on the Network Router. If your router is fairly new and does not dictate an upgrade you can take the following steps:
- Check to make sure the router’s firmware is up to date
- Assign a new administrator password.
- Ensure the WPA2 encryption scheme is enabled.
- Disable UPnP and WPS
- Enable and configure firewall features of the router.
Set New Strong Passwords. Be thorough and systematically go through all passwords. Use unique passwords for each device. Be sure to change passwords on your network router, WiFi authentication scheme, and all your connected devices. Change passwords on all devices even if they are not smart devices.
Keep in mind that the hacker may have had an opportunity to capture passwords and sensitive data enter in browser sessions so all sites and apps they may have compromised will need attention. A password manager like LastPass or Dashlane can help you remember them all more conveniently. Dashlane also has a useful feature that can be used to generate super secure passwords.
Additional measures can be taken. Enable multi-factor authentication on apps and accounts that allow for it. Isolate your devices by utilizing segregated networks. When buying new devices always have a security-first attitude. do your research on the maker and the model. Using multiple device makers in the network can help to confuse would-be attackers.
Featured photo by BENCE BOROS
Updated 07/05/2021 by Kirby Allen