smart thermostat

Tips for Increasing Security in Your Smart Home

On their own, smart home devices do not protect themselves. Users must take action to protect their privacy and data security.

  • By Richard Butts
  • Nov 26, 2019

Smart home technology is rapidly growing and changing the landscape of modern homes. IoT devices—which have long been used in various industries—are now creeping into the household faster than consumers can adapt. As with any innovation, there are accompanying risks and dangers. The most pressing issue with connected devices is their inherent lack of robust security, since some manufacturers—many argue—seem to be more concerned about making money quickly than providing long-term protection to consumers.

The risk associated with connected devices at home is mostly virtual, that is, unseen, and generally negligible. That said, when pushed further, these risks can easily inflict consumers with financial, emotional, psychological and even physical damages.

Network possession and break-in

The most serious risk consumers face, if their smart home devices are compromised, is to lose control of their network. This scenario has occurred many times in government and private entities when hackers take full control of their systems and keep them out of their networks. When bad actors take control of all devices in a smart home, they can unlock and disable smart locks, disable the alarm system, turn off cameras and execute a clean break-in.

Espionage and data breach

Cyberstalking is the most common risk consumers face when their devices are compromised, because hackers do not need to take control of the entire network to execute the act. This act can be performed remotely on the other side of the world. In fact, in most cases, consumers are not even aware that they are silently monitored. Hackers can extract sensitive recordings, videos, files and money to inflict emotional, psychological and financial damages.

Miscellaneous attacks against consumers

Hacking, for the sake of it, is the new normal—as if owning a smart device nowadays is tantamount to getting hacked. When part or all IoT devices in a smart home are compromised, hackers can execute serious attacks against the homeowner or using the consumer’s IoT devices to attack others. The following are some of the most common attacks used by hackers:

  • Gain monetary profit
  • Create a hub for cryptocurrency mining
  • Carry out denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against an institution
  • Create a botnet using smart home devices
  • Steal PII or financial credentials
  • Destroy connected devices
  • Cause chaos and destruction inside homes
  • Mislead victims by making devices send or display wrong information
  • Trigger falls alarms

How to Mitigate Risk

Unfortunately, as with all technology, an impenetrable IoT device has yet to be invented. That said, with persistence and hard work, consumers can mitigate and soften the risk and attain a higher level of security if they implement layered security on their smart home.

1. Network Security

The first layer of defense against hacking starts with protecting the network, by which all IoT devices in a smart home are connected. As the heart of a smart home, the network is the most critical component because it is where all devices are seen and exposed. It is where endpoints or entry points are created. If the network is shielded, all IoT devices inside it are also protected.

Two of the most reliable network security providers in the market today, which are designed and developed for smart homes, are Bitdefender Box 2 and Norton Core.

2. VPN

A virtual private network (VPN) does not provide outright security against malware (worms, viruses, etc.) and phishing, but it can confuse potential hackers. A VPN is effective in encrypting the homeowner’s website traffic, along with the communication sent and received by all the IoT devices connected to the network as they reach out to the outside world. A VPN effectively wraps the traffic in an encrypted tunnel as it travels in and out of the network, so outside onlookers are blinded.

As a secondary layer of protection, a VPN is a mandatory accessory that can significantly reduce the risk of being exposed to hackers.

3. Router

The router is an essential component of any smart home, without which, IoT devices will not be able to communicate to the outside world. The router is also responsible for giving all smart devices access to the network and connectivity, so they can communicate with each other. In itself, the router provides a minimum amount of security called a firewall to all connected devices. However, by configuring the router, the homeowner can achieve some level of protection against hacking:

  • Disable SSID broadcast. As a precaution, consumers should know all the features of their router and know when to disable them when they are not needed. The most neglected feature that consumers often leave untouched is the router’s ability to broadcast the Service Set Identifier (SSID) or the Wi-Fi name. By disabling the router’s ability to broadcast its SSID, consumers are significantly reducing the risk of exposure. And by hiding the Wi-Fi name, consumers are effectively disabling one possible entry point to the network.
  • Change admin credentials. Many consumers do not change the admin credentials that come with their routers. In addition, many consumers do not even know how to change the default credentials at all. You do not have to be a hacker to penetrate the router, as most admin credentials are publicly available.
  • Change the SSID name and password. Consumers should also know how to change the SSID name and the corresponding password. Changing SSID names and passwords from time to time is a good deterrence against hacking.
  • Isolate all guests to a separate network. It is also a good idea to create an exclusive network for guests. The router has a dedicated guest network ready to be enabled when needed. Routing all guests to a separate network will mitigate the risk of exposure.

4. Special protection for critical devices

Of all the connected devices in a smart home, the personal computer is perhaps the most critical piece of device that must be wholly protected because it is where sensitive information is stored. It is where online accounts are accessed. It is where files are downloaded, obtained and sent. In most cases, an antivirus for computer already includes an array of protection, including antivirus itself, firewall, file encryption, antispam, ransomware protection, password manager, data protection, video and audio protection, anti-tracker, anti-theft, and even VPN. The same antivirus protection can be extended to also protect mobile devices.

5. Password manager

For many consumers, running a smart home is challenging. And assigning each device with a unique password is even more burdensome, especially if they are connecting multiple devices to the network. As a result, the same password is often recycled and assigned to every device across the network, email addresses and online accounts, and even bank accounts! The damage—even when only one device is compromised—is catastrophic. The hacker can surely maneuver himself around the network and access everything using the same password. The solution is to create a unique and strong password for every device and every account. A password vault—like 1Password—is needed to store and encrypt all passwords. The password manager can generate a unique password for every device. It will alert the user to change six months or older passwords.

6. 2FA

The final layer of protection available to consumers is to enable two-factor authentication (2FA) if supported by the device. The majority of online membership accounts nowadays already support 2FA. This layer of protection is plain simple but effective. Whenever there is an attempt to access the device, it has to be first verified by a code sent through a verified mobile number or email address. Failure to verify, will keep the device locked forever.

Outsmarting Hackers

Unfortunately, there is little the consumers can do to prevent hacking, especially if the bad guys are determined professionals and really want something of value from the consumer. Outsmarting them is the most effective way of preventing hacking:

  • Map all devices in the network. As homeowners, it is smart to map all devices in the smart home. It is critical to have a clear accounting of all the devices along with their admin credentials (username and passwords), IP addresses and what network they are connected to.
  • Patch vulnerable devices. Manufacturers of IoT devices regularly release patches and firmware updates to make their devices more secure. As users of smart home devices, consumers should take advantage of these updates. It’s also recommended to enable auto-update on their devices.
  • Change default settings. Smart home makers ship out their products with simplified configurations (sometimes with admin credentials printed on the device), so users can set them up quickly without losing their minds. Once fully set up and connected to network, consumers should take some time to configure each device and beef up security.
  • Replace compromised and unsupported devices. For no reason, manufacturers sometimes stop supporting their products, stop releasing patches and firmware updates, or cease operation. As a homeowner, you should conduct routine security checks to determine the health of every IoT device in the network. If no longer supported, it may be wise to dispose the product.

The Takeaway

The most significant benefit of using IoT devices at home is that they can make life easy by offloading some of mundane tasks from users, and quite honestly, provide some level of security and convenience to users. The downside is that these devices create unnecessary endpoints or entry points for hackers. On their own, smart home devices do not protect themselves. They must be protected by the users so they can continue to protect them.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.