If you want your smart home to do more good than harm, you should configure it properly and secure it accordingly. We examine smart home security in detail. Smart features and internet connectivity are built into most TVs, baby monitors, and other digital devices. Whether you use these features or not, smart devices harbor security risks you should be aware of and guard against. And the more functions you use in your smart home, the more important it is to protect the individual components.
The Biggest Smart Home Risks
Networked household appliances harbor several fundamentally different types of risks:
- The devices regularly share a lot of data with the provider. For example, your smart TV can identify the content you’re watching – even if it’s stored on a flash drive or external player. Certain providers earn a lot of money by spying on their customers. Even less complex devices like smart washing machines collect and exchange data with manufacturers.
- Hackers can hijack your smart device if it is protected with an inadequate password and still running on factory settings that nobody has changed, or if it has vulnerabilities in its operating system. Depending on the device type, this has different consequences. A smart washing machine, for example, can be switched off in the middle of a wash cycle, while baby monitors can be used to spy on or even scare residents. A comprehensively equipped smart home is also susceptible to unpleasant scenarios – such as a power failure or the heating being switched off.
- A hijacked smart device can be infected with malicious code and used for cyberattacks on both computers on the home network and devices on other networks. Massive DDoS attacks are known to have been launched solely from infected surveillance cameras. The owner of the infected device risks having their internet connection cut and being placed on various blocklists.
- If the security measures implemented by the manufacturer are insufficient, the data sent by the device can be found and published. The recordings from surveillance and door viewer cameras are sometimes stored in poorly protected cloud environments and are freely accessible to everyone.
You can be spared this horror because the risks can be significantly reduced.
What If You Don’t Need A Smart Home?
Smart homes are often not used at all. According to statistics from device manufacturers, half of all IoT devices are never connected to a network. Their owners use them the old-fashioned way, without managing them via a mobile app or some other twenty-first-century luxury. However, even a device that is not configured poses security risks. It may expose an open, unsecured WiFi access point or occasionally try to connect to nearby phones via Bluetooth.
In this case, someone, e.g. your neighbor, could take control of the device. So the least you have to do to “disarm” your smart home devices is to read the user manual, open the settings and disable both the WiFi and Bluetooth connections. There are devices where this is not possible or which turn the WiFi back on after an interruption in the power supply. This can be fixed with a slightly complicated but effective trick:
- Temporarily change your WiFi password.
- Connect the device in question.
- Change the password again.
The device will still try to connect using the invalid password, but it will be impossible to hack by misusing the default settings.
Whether your smart home is centrally managed or has different devices that aren’t connected, they still need basic security.
- Make sure your wireless router is protected. Remember that your router is also part of the smart home system. We have published several in-depth guides on securing a home WiFi system and properly configuring a router. We want to add that home router firmware often contains vulnerabilities that are exploited to attack home networks, so the “set it up and forget it” approach doesn’t work here. Firmware updates must be checked regularly. High-quality routers can update their firmware directly from the web interface administration menu. If this is not the case for you, visit the manufacturer’s website or contact your internet service provider to obtain a newer firmware version and follow the appropriate installation instructions. Before you end this router adventure, ensure that the ability to manage the router from outside your home network is disabled in the settings. While ISP staff sometimes need this feature for troubleshooting, it is often enabled when not needed, increasing cybersecurity risks.
- Check your network regularly to ensure no unauthorized devices are connected to it. The best way to do this is with a special app. It’s important to keep track of your devices and remove unnecessary ones, e.g. a refrigerator that doesn’t need a WiFi connection or a neighbor looking for free WiFi.
- When buying a device, pay attention to the reputation of the manufacturer. Every vendor deals with vulnerabilities and bugs, but while some vendors fix their bugs quickly and release updates, others deny there is a problem for as long as possible. 34% of users believe choosing a trusted provider is enough for a secure smart home. While this reduces risk, there are more steps to be truly protected.
What If Your Smart Home Is WiFi Based?
Do you have many smart devices that need to be connected, or that are connected via Amazon Alexa or Apple HomeKit? In this case, each device connects independently to the Internet via WiFi. From a security point of view, this is the most complex scenario since the passwords, firmware, and vulnerabilities must be handled individually for each device. Unfortunately, setup details vary significantly from device type to device type and manufacturer to manufacturer, so we’ll limit ourselves to general recommendations here.
- Set up a guest WiFi network. Experts call this “network segmentation.” Your home network should be divided into segments for home computers, guest devices, and smart home devices. Many routers cannot perform such miracles, but you should set up at least two segments: one for home devices and one for guests. This prevents visitors from reconfiguring your cameras or turning on the robot vacuum cleaner for fun. The segments must be secured with different WiFi passwords, with the guest segment having more stringent security settings, e.g. client isolation, bandwidth limitations, etc. Confining IoT devices to a separate segment reduces the associated risks. For example, a hacker cannot attack a home computer via a hijacked IP camera. The reverse is also true: an infected home computer cannot access a video camera. To follow this tip, open the router’s web-based interface and check the WiFi settings. If some of your devices are wired to the router, ensure they are on the correct network segments by checking the corresponding settings in the other sections of the router interface.
- Set strong passwords. Access the settings for each device. This can be done through an official mobile app and sometimes a web interface. Set up a long, unique password for each device, and never use one password for all devices! To keep track of things, use a password manager.
- Update the firmware. Do this for each of your devices that supports firmware updates via an app or web interface and repeat at regular intervals.
- Check the online service settings. The same device can operate in different modes, sending different amounts of information over the Internet. For example, a robot vacuum cleaner can upload a detailed cleaning pattern to the server – meaning a map of your premises – or not. A video door viewer can store on the server every photo or video of a visitor approaching your door that its motion sensor detects, or it can show the image only when you press the button. Do not overload the provider’s cloud storage with unnecessary information: disable unused functions. In addition, it is better not to send the server any data that can be withheld without affecting the device’s usefulness.
- Keep track of updates from the manufacturers of the devices you use. IoT devices sometimes turn out to have critical vulnerabilities or other problems, after which their owners need to take action: update the firmware, enable or disable a certain function, reset the password, delete an old cloud backup… Responsible providers usually publish safety recommendations and newsletters on their websites. However, these are often written in complex language and contain information about many devices that are not relevant to you. It makes more sense to occasionally check for news about the devices you are using and visit the official website if you find anything troubling.
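The following script is an added example, not part of the original article. It automates two of the checks recommended above: looking for unauthorized or unnecessary devices on the network, and confirming that each known device sits on its intended segment. It assumes a Linux-based router whose neighbor table is printed by `ip neigh show`; the sample table, the interface names and the inventory are constructed.

```python
import re

# Constructed sample in `ip neigh show` format, as seen on a Linux-based router.
# The interface names (br-lan, br-iot, br-guest) are assumptions.
SAMPLE_NEIGH = """\
192.168.1.10 dev br-lan lladdr 3c:22:fb:10:20:30 REACHABLE
192.168.1.44 dev br-lan lladdr 00:17:88:AA:BB:DD REACHABLE
192.168.20.9 dev br-iot lladdr 44:65:0d:01:02:03 STALE
192.168.30.7 dev br-guest lladdr da:a1:19:00:11:22 REACHABLE
192.168.1.77 dev br-lan lladdr 9e:4f:21:33:44:55 REACHABLE
192.168.20.31 dev br-iot lladdr 00:0c:43:12:34:56 STALE
192.168.1.99 dev br-lan  FAILED
"""

# Hypothetical inventory: MAC -> (name, expected segment, needs the network?)
INVENTORY = {
    "3c:22:fb:10:20:30": ("laptop", "br-lan", True),
    "00:17:88:aa:bb:dd": ("ip camera", "br-iot", True),
    "44:65:0d:01:02:03": ("refrigerator", "br-iot", False),
}

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Yield (ip, interface, mac); FAILED/INCOMPLETE rows carry no lladdr."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

def is_randomized(mac):
    """Locally administered bit set, typical of phones using private MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(text, inventory, guest_if="br-guest"):
    """Return findings: unknown, unneeded, or wrong-segment devices."""
    findings = []
    for ip, iface, mac in parse_neigh(text):
        if mac not in inventory:
            if iface != guest_if:  # strangers are expected only on guest WiFi
                kind = "unknown-randomized" if is_randomized(mac) else "unknown"
                findings.append((kind, ip, iface, mac))
            continue
        name, segment, needed = inventory[mac]
        if not needed:
            findings.append(("unneeded", ip, iface, name))
        elif iface != segment:
            findings.append(("wrong-segment", ip, iface, name))
    return findings
```

An `unknown-randomized` finding is often one of your own phones or tablets using a private WiFi address, so check your own devices before removing it from the network.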