- Smart home devices include not only Amazon Echo, Apple HomePod and Google Home but talking refrigerators and the ability to control the lights and locks from anywhere in the world.
- VMWare Carbon Black's head cybersecurity strategist offers 7 tips to defend your smart home from hackers.
With the holiday season finally here, many of us eagerly turn our eyes toward the hottest new smart home gadgets and toys. As cyberspace has converged with our physical realities, our imaginations run wild as we think about how our lives could be transformed by personal assistants, talking fridges and the ability to control the lights and locks from anywhere in the world.
But we all need to be more aware that the rise in popularity of smart home and IoT (Internet of Things) devices has been accompanied by an increase in the discovery of critical vulnerabilities that threaten to expose unsuspecting users to a litany of privacy breaches.
In other words, that shiny, perfectly packaged gadget you're taking home or purchasing for a friend or loved one could actually be a secret passage into your home. Cyberspace is not pacific; criminals have migrated online. We hear stories about smart assistants listening to your every word, building comprehensive profiles of you and your habits for the perfect targeting of advertisements; door and security camera companies handing over footage to law enforcement. The potential for breaches of personal privacy at the hands of criminals where smart home and IoT devices are concerned is well documented.
One needs only to look at the past year of disclosures around vulnerabilities to understand that there is still a lot of ground to cover when it comes to smart home security. In their current state, irresponsibly implementing these technologies around your home can put your personal privacy and safety at risk. These devices can open the door for hackers looking to spy on you, steal from you, or even actively torment you, as was the case with a Milwaukee couple who came home to find their thermostat turned to 90 degrees and a disembodied voice talking to them through the speakers.
The aforementioned examples of security failures in smart home devices should give any potential buyer pause. Our homes are our sanctums, a bastion of safety and comfort from the outside world, and the thought of cyber intrusions into them is petrifying.
Realistically understanding the risks associated with smart home devices does not have to mean one must swear them off altogether. After all, the devices in question do add a level of convenience and comfort to our lives to which many of us have grown accustomed. If you value the convenience afforded by smart home technologies, following these key safety tips can help ensure that you retain the best of both worlds.
1. Check permissions upon installing a device. Most smart home devices have very generous data permissions set as the default. For each device you install, make sure you take a look through the privacy settings to make sure you're only sharing what you're comfortable with, and not just going with the factory settings on the device or any associated apps. For additional security, you can use a non-identifiable login that is not connected to any other account or service.
2. Keep an eye out for devices that are always on. Some devices are in a constant state of readiness, waiting for motion, voice, or other prompts that will make them spring into action. The problem is that these can often be abused by hackers. Like data permissions, these settings can be turned off or restricted, so be sure to consider this option to make your smart home more secure, and ensure you're not constantly under surveillance. Limit the use and location of ALWAYS ON smart speakers. You should also be extremely cautious where you enable voice service integrations as these may be accessible from outside of your home.
3. Maintain your devices. Update software on all devices & apps every week. Manufacturers regularly release software updates with security fixes that improve the security of their devices. A highly common tactic used by hackers is to wage large campaigns based on known vulnerabilities, attempting to break in anywhere where the updates have not been installed. By regularly updating your software, you can eliminate the risk posed by such attacks altogether.
4. Secure access. Change default passwords to sentences and enable multi-factor authentication for all applications. Of critical importance is to limit system admin to parents and force children and visitors into non system admin account "non-trusted."
5. Separate your devices. Hackers will often use unsecured devices as an "in" through which to breach other parts of a network. Maintaining a dedicated IOT network or a specific IOT only wireless network at home is a way to prevent hackers from using a hacked device as a foot in the door.
6. Protect your devices. Use next-gen AV (antivirus) on all tablets and laptops and install a firewall between router and devices. Lastly, use free OpenDNS services.
7. Create "safe rooms." Having worked in cybersecurity for some time, I can confidently state the unfortunate reality is that the question is not "if" something will be hacked, but rather "when" it will be hacked. With this in mind, you should consider keeping smart home technologies very restricted, or even out entirely, of those areas in your home you want to keep the safest, whether it's the master bedroom or your children's bedrooms, or even your bathroom. There is no better way to protect your privacy than eliminating or severely restricting the devices in those spaces altogether.
Smart home technologies are here to stay. Nearly a third of U.S. consumers reported purchasing or installing a smart home product in the past year, according to a recent study. We love them for their convenience, adaptability, and of course their novelty yet manufacturers of these devices still have a way to go when it comes to securing them. We as consumers must be extremely careful when we bring them into our homes. It is better to be sure that the privacy and the safety of your loved ones is protected from digital home invasions.
— By Tom Kellermann, head cybersecurity strategist at VMware Carbon Black