People often worry about their computers, smartphones, and tablets secure from hackers and malware. But what about your smart home devices? They can be just as susceptible as any other device on your network, even if it doesn’t seem like it.
WHY WOULD HACKERS TARGET SMART HOME DEVICES?
For certain smarthome devices, like smart locks and Wi-Fi cameras, it makes a lot of sense why they would be great target for hackers. Hacking your smart lock would allow someone to break into your house without busting their way in. Hacking a camera would allow them to see if anyone’s home by taking a look at your video feed.
With other smart home devices, like smart outlets or smart thermostats, you might think that a hacker wouldn’t care. After all, who cares if a hacker turns your lights on and off? But there’s actually a lot that a hacker could do with those devices, theoretically.
For example, if someone was able to gain temporary access to the same Wi-Fi network that one of your smart outlets is connected (either by accessing an unsecured network or through some clever social engineering), they could then get remote access to the plug and therefore your network (possibly by using a reverse SSH connection), allowing them to do as they wish from that point.
There are a ton of ways hackers could barge their way in, but again, this is just an example of what could theoretically happen. We haven’t found any significant reports of actual smart home users getting hacked and causing significant damage on their end, but there is a much more real threat: botnets.
An unsecured device could be taken over with malware and used to participate in DDoS attacks. So while smart home devices may not be hacked to cause you damage, they can be used to cause damage to other users. So you should secure yourself against this for the betterment of the entire internet. This is not a theoretical threat: there have been plenty of cases in which this actually happened.
Many security researchers have discovered ways to hack into various smart home devices, including products from popular brands like SmartThings, Insteon, Philips Hue, and Ring. Thankfully, these companies have already released new firmware to patch these holes, but it’s a bit daunting to think about how easy it was to break into these devices with the right know-how. Plus, you never know what kind of security holes still exist on these devices that have yet to be discovered.
WHAT YOU CAN DO TO STAY SECURE
Unfortunately, most smart home devices are designed to be easy to use, and don’t come with a ton of security features. However, you can start by seeing if any of your smarthome products are easily accessible from the internet, which opens them up to attackers.
The easiest way to check this is to use the Internet of Things Scanner, which scans your network to see if any of your devices are on Shodan. Shodan is a search engine for internet devices that are publicly accessible. You can find things like security cameras, printers, routers, and other devices—pretty much anything that connects to the internet.
Unfortunately, beyond that, there’s very little that you can do to fully protect yourself right now—it’s mostly up to the companies of the products to provide a secure interface.
However, big-name companies like Nest, Philips, and Amazon are all top brands that have reputations to uphold, so spending time and money into securing their smarthome devices is something that’s in their best interest. This doesn’t necessarily mean that the security is top-notch, as mentioned above, but it’s certainly much better than the cheap Chinese knock-off security camera that was able to get hacked a minute and a half after it was set up.
So, if you’re going to use smarthome devices, buy from reputable brands and make sure to install any security updates as soon as they come out. Your smarthome devices are updated periodically, and those updates mostly consist of bug fixes or new features, but sometimes they can contain critical security patches that you’ll want implemented ASAP.
Furthermore, be careful of what devices access your network and make sure your Wi-Fi network has a secure password in place. You likely only give out your password to your friends and family, but that repairman you gave your Wi-Fi password to seems pretty innocent, right? Maybe not.
FOR SUPER SERIOUS USERS: MAKE A SECOND NETWORK
If you want to take drastic measures, you can do something that a lot of die-hard smart home aficionados do: put all of their smart home devices on their own, separate network that isn’t connected to the internet, and have a main network specifically for regular devices like computers and tablets that can access the internet. You just need a second router to broadcast its own network, and avoid connecting it to a modem.
This does have some big downsides, however:
You’ll need to switch Wi-Fi networks on your phone whenever you want to control one of these devices. This is a huge hassle, so it’s really only a good option for those who automate everything or use Z-Wave switches to control all their devices.
Some smart home devices need access to the internet in order to function properly, so those won’t work here. Devices like the Nest Thermostat, Philips Hue, and most smart outlets will work fine, but others—like the Amazon Echo or Nest Cam—won’t work at all without an internet connection.
If your devices aren’t connected to the internet, you won’t be able to use their remote access features—so you won’t be able to control your smart home stuff while you’re away from home.
You can see why most people don’t do this—it severely decreases the usability of your devices. But, if you mostly control your devices through automation and physical smart switches, it could be a decent option. But for most people, this isn’t going to fly. In that case, the best you can do it ensure you’re buying smart home products from reputable companies that regularly release updates and make security a priority.