Every so often, a news story breaks that makes us rethink the technology we allow into our lives. Like this one, from the Chicago Tribune, February 8th, 2019:
Arjun and Jessica Sud routinely use a baby monitor to keep tabs on their 7-month-old’s bedroom. Last month, they heard something chilling through the monitor: A deep male voice was speaking to their child.
“Immediately I barge into the room because I’m like, ‘Oh my God, maybe someone got in there,’” said Arjun Sud, 29. “The moment I walk in, it’s quiet.”
The couple grabbed their son, now fully awake, and headed downstairs. When they passed their Nest thermostat, normally set around 72 degrees, they noticed it had been turned up to 90. Then, the voice was back, coming through the speaker in a downstairs security camera. And this time, it was talking to them.
The voice was rude and vulgar, using the n-word and cursing, he said. At first, he yelled back. But then, Sud composed himself and stared into the camera.
“He was like, ‘Why are you looking at me? I see you watching me,’ ” Sud said. “That’s when I started to question him back.”
The Lake Barrington, Ill., family’s Nest cameras and thermostat had been hacked.
The extent of the damage to Arjun, Jessica, and their baby was merely psychological. Still, the couple might be justified in asking themselves: are smart home devices safe?
If you’re asking yourself that same question, the following article will outline steps anyone can take to minimize the risk of smart home hacking. By the end, you’ll have the knowledge necessary to ensure that your devices make your life easier, not more problematic.
Weighing the Risk of Smart Home Hackers
Anyone concerned with smart home security should understand the following truisms:
- Any device connected to the internet can be hacked.
- Smart home hacks are very rare.
- By configuring your home network, you can maximize the security of all your smart devices.
You may think: why bring internet-connected devices into my home if they introduce security and privacy risks that non-connected devices don’t? The answer to this question is simple. Do you own a computer? A mobile phone? What about a car built in the last twenty years? We take on minor cyber risks every day because the benefits of modern technology far outweigh the costs.
Smart home devices improve our daily lives in all sorts of ways at relatively little cost. The prospect of a hacked smart device is scary but also very unlikely compared to your phone and computer. Think about it for a moment: hackers are people with motivations for what they do. Your phone and laptop contain:
- Personal identification information.
- Bank and credit card numbers.
- A whole slew of other valuable data.
Your smart thermostat, on the other hand, is about as valuable to a hacker as that hacker’s thermostat is to you. This value is part of why smart device hacks are so rare.
Still, your home should be a sacred, safe space. We can both accept that smart home hacks are infrequent events yet still feel they should be guarded against. And the first step towards securing your smart home is to secure your wireless network.
How to Secure Your Network from Smart Home Hackers
A “smart home” isn’t one material thing–it’s many different, individual things running over a shared network. Your home Wi-Fi network is the first and most important component of your smart home’s operation because it connects everything to everything else. But this convenience and efficiency come at a price. I’ll use an analogy to explain:
Most of the time, birthday parties are fun–everybody has a good time, talks to each other, and lives happily. Sometimes, someone doesn’t have fun at the party–maybe they just got bad news or drank too much. Usually, that person’s bad mood will affect only them, and maybe a few people around them. The party goes on. However, it’s entirely different if the birthday girl is in a bad mood. They’re the focal point of attention, the glue holding the party together, and the only person who are friends with every person in the room. Therefore, the entire party suffers when the birthday girl has a bad time.
In cyber security, we might refer to a sad birthday girl as a “single point of failure”–a component whose failure causes an entire system to fail with it. By connecting all of your devices, your home network is what allows your home to be “smart”. But because it connects all your devices, it is a single failure point. If it goes down or becomes compromised, everything else falls with it. Therefore, your network is the first and most vital place to begin your quest for security.
Here, below, are some starting tips, to help you protect your home network:
Enable WPA2 wireless encryption
Without encryption, a hacker tapping into your home internet could read the data streaming in and out of your devices as quickly as you’re reading this sentence. By enabling your router to encrypt your data, al4sm 09u3jnodfs5 lcv-f0s9 jf89jio kiuow9058t 894uw. Do you see?
Set up a specific network for IoT devices
None of the devices you own is more vulnerable than those in your pocket or desk. Computers you use to access websites, open emails and otherwise engage with the internet have any number of ways of contracting malicious programs, unlike your smart devices, which have more limited functions and predetermined processes. Therefore, it’s best practice to maintain separate networks–one that you use actively and one that your IoT devices use. Most Wi-Fi routers allow you to set up multiple networks to keep your internet traffic separate from your home automation device traffic.
Disable Wi-Fi protected setup
Wi-Fi Protected Setup is a network security standard invented in 2006 that was discovered to be majorly flawed in December 2011 when a researcher discovered it could be broken via a sheer brute force attack.
Disable cloud-based router management
Cloud-based tools allow you to manage your network remotely, but they might let a hacker do the same.
Install the newest firmware and set the router to update automatically
Companies regularly release updates to their devices as new threats arise, and engineers write the code to combat them. By configuring your devices to update automatically, you’ll save the effort of updating manually while keeping your protections as up-to-date as possible.
Disable remote administrator access
Enabling remote administrator access allows you to log into your home network without being physically nearby. An easy cheat tool for a hacker located many miles away.
Disable UPnP
(although, you may need to temporarily enable it to install a new device)
Universal Plug and Play is a Windows network protocol that allows devices operating over a shared network to discover one another. The problem: the program assumes, by default, that any and all devices over the network are trustworthy. It comes set with no authentication mechanism, leaving routers and firewalls vulnerable to attack from a device that is not yours. It is safe to temporarily enable this feature to set up your devices, but you should turn it off once your setup is complete.
Other steps you can take against smart home hackers
Smart devices tend to be closed systems, not subject to tinkering or modification. Still, there are precautions you can take with them that will help keep the security standard in your home high. For example, just as you do with your laptop and phone, setting and maintaining good, diverse passwords as they apply to your smart devices is essential. Strong passwords may be the most important step you can take towards cyber security, requiring no technical knowledge.
As with your food, your car or anything else in your life, it’s essential to purchase your devices from reputable companies. Look for recognized names, and good reviews online from customers or reputable websites. Smaller players in the IoT market might offer equally good or even better products than their larger competitors; don’t buy a cheap security camera from an unknown manufacturer.
Editor’s Note: TheIOTpad.com only recommends products from well-known manufacturers.
Speaking of security cameras, it’s worth noting that not all smart devices should concern you to the same extent. As mentioned earlier in this article, there’s little value to hacking someone’s toaster, refrigerator or baby monitor. However, breaking a security camera or a smart lock could be valuable to the right criminal. It’s an improbable scenario we’re alluding to here, but because of the nature of those more sensitive devices, it’s worth thinking twice before purchasing a smart lock for your front door. If you are interested in a smart lock, perhaps it would be best paired with a physical lock. Just to be safe.
Rethinking smart home security
Anybody possessing an internet-connected device should be looking to minimize their risk of exposure. By implementing the steps outlined above, you’ll be able to rest more easily at night.
Still, security exists along a spectrum–you can’t be completely protected, only more or less so. That’s because, no matter how well-armored your devices may be, they’re still built and operated by humans. Humans, who unintentionally build and configure our machines in such a way as to leave them exposed, fail to read privacy policies and fall victim to phishing attacks.
Arjun and Jessica Sud are well justified in spending their time worrying about their child rather than their tech. If you’re concerned about befalling the same fate as they did, it’s worth noting how their hacker broke in. He managed to get in not because of a deficiency with the baby monitor itself but because of a vulnerability in the Sud’s home network. Had they received proper advice, such an event, already extremely rare, would not have occurred.
Luckily, for all our human failures, companies are already taking extensive measures to ensure high security in their smart products. Often, for example, developers will publish “bounties” for anyone who can hack into their machines. An entire class of hackers–called “white hats”–engage in no criminal behavior and instead use their powers for the common good. White hat hackers will find security holes even before the release of a new product, allowing less liability for the manufacturer and greater protection for you.
None of us are perfectly secure because none of us are perfect; we can only do our best to compensate. By caring about security–by reading this article–you’re miles ahead of the pack.