More and more homes are becoming “smart”, meaning they are equipped with an increasing number of internet connected devices that can be controlled remotely or through voice commands. The smart home market was at $31.45B in 2022 projected to grow at a 10.22% compounded annual growth rate through 2027. Over 68% of households in the US will have smart home technology by 2027. This represents not just a majority of the population but also a staggering number of devices that will connect to the internet from homes alone. Every device, the related apps and services all represent an expanded attack surface to malicious actors and It is important to remember that these devices can be vulnerable to security and privacy breaches. These smart home devices, apps and related services are gateways to our identity, our behavioral data, our privacy and indeed our safety as well as that of our families. Smart home security needs to be top of mind and we all need to develop muscle memory around smart home technology protection like Kavalan.
Here are some ways to do so:
1. Choose devices with strong security features
When shopping for smart home devices, prioritize those that have strong security features built in. This might include encryption of data in transit and at rest, automatic software updates, and two-factor authentication. Look for products that have been certified by third-party security organizations, read reviews and research the manufacturer’s security policies before making a purchase. As part of your buying process, make sure to check the websites of the FBI and the Federal Trade Commission to see if there are any warnings around that specific device or vendor.
2. Keep software up to date
Just like with your computer and phone, it’s important to keep the software on your smart home devices up to date. Home security cameras, smart thermostats, baby monitors have all been hacked in the past due to either weak passwords or unpatched devices. This is because manufacturers often release updates that patch security vulnerabilities that have been identified. Remember, malicious actors such as nation states or rogue individuals are constantly looking for vulnerabilities and when manufacturers announce patches for known issues, the malicious actors will target those smart home devices knowing fully well that some subset of the population will not have updated their smart home devices to the latest patches. Set up automatic updates if possible, or make a habit of checking for updates regularly and installing them as soon as they become available. For most trustworthy smart device brands, this is free and there should be no reason not to take advantage of the updates.
3. Consider a smart home security system
Finally, consider investing in a smart home security system such as an Intelligent Digital Safety System. These systems can provide additional layers of security and privacy to smart home devices such as door and window sensors, motion detectors and security cameras. A truly Intelligent Digital Safety system will provide automatic blocking of cyber threats such as botnets, malware, phishing, keyloggers and more across every device in the smart home. In addition, such a system will automatically block privacy threats such as ads, trackers, pixels, beacons and more across every app, device and service in the smart home. Addressing privacy is central to addressing smart home security. Device vendors, apps, websites and other services we use all collect our data and share them with thousands of companies daily. This information is extremely valuable to malicious actors since it allows for them to personalize attacks against us and the devices in our homes using that knowledge. Ensure that the provider of the system has a clear and well stated policy on deletion of your data as well as what data is collected. A truly capable smart home security system will enable you to change your devices, apps, internet service provider, your home internet router and yet allow you to enjoy a constant state of privacy and security. In other words, any such system should be independent of all of those parameters so that you can add or remove devices, apps or services without compromising on privacy and security.
4. Use strong, unique passwords
It’s important to use strong, unique passwords for all your smart home devices, as well as the accounts you use to access them. Why? Well, for pretty much most device brands and device types, hacker forums are replete with databases that have the default device password as well as powerful tools such as John the Ripper to brute force guess simple passwords. It is just too easy for a malicious actor to identify and break into a device with a default or weak password. Let us at least make it harder for them. A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using personal information like your name or birthdate in your passwords, as this information can be easily guessed or obtained by attackers. Instead, consider using a password manager to generate and store strong passwords for you.
5. Enable two-factor authentication
Two-factor authentication (2FA) adds an extra layer of protection to your smart home security by requiring a second form of identification, such as a fingerprint or a code sent to your phone, in addition to your password. This makes it much harder for attackers to gain access to your devices, even if they have your password. Enable 2FA on all your smart home devices that offer it. Where possible, enable 2FA using an authenticator app rather than SMS 2FA. Many of these apps are free but please make sure to pick an app from a trustworthy brand.
6. Secure your Wi-Fi network
Your smart home devices rely on your Wi-Fi network to communicate with each other and with the internet. If your Wi-Fi network is not secure, attackers can potentially gain access to all your connected devices and seriously compromise your home security. The home internet router is indeed the front door to your smart home’s digital profile. To secure your Wi-Fi network, make sure you’re using a unique network name (SSID) i.e. change the network name from its default value and also set up a strong password. You should also consider enabling WPA2 encryption, which will encrypt the data transmitted over your Wi-Fi network.
7. Create a separate network for smart home devices
Network segmentation is a technique used to improve the security of your smart home devices. Network segmentation involves creating a separate network just for smart home devices or non-critical devices. This can be done by setting up a guest network on your router and connecting your smart home devices to that network instead of your main network. This provides a better smart home security posture since if an attacker gains access to your smart device network, they won’t be able to access your main network and any sensitive data that’s stored on it.
8. Disable features you don’t use
Many smart home technology devices come with features that you may not need or want to use. For example, if you don’t use voice commands to control your smart speaker, you can disable the microphone to prevent it from listening to your conversations. Similarly, many devices come with apps that allow you to control that device from outside your home. Whenever you have devices with this capability, please understand that the app is being enabled to communicate past your network and other home security defenses. If you don’t need to control your smart home lights or smart thermostats or security cameras remotely, you can disable that feature to reduce the attack surface of your devices.
9. Turn off devices when not in use
If you’re not using your smart home technology devices, turn them off or unplug them from the wall. This will not only save energy, but it will also reduce the risk of a security breach. Attackers can’t hack into devices that are turned off or disconnected from the internet, so this is an easy way to improve the security of your smart home technology. Please do note that turning off the power button on a device may not necessarily shut down that device. Some devices like smart TVs still stay on a ‘stand by’ mode and can communicate to outside services. Worse yet, there are some smart home devices that come with alternative Wi-Fi chips with hidden SSIDs that may still communicate with outside entities. So, power off and also unplug devices that are not in use to ensure safety.
10. Review permissions and access
Many smart home devices require access to other devices or services, such as your phone’s location or your Google account. Review the permissions and access that each of your devices has, and make sure that they only have access to the data privacy they need to function. For example, your smart thermostat doesn’t need access to your camera or microphone. Same applies for apps that you install on these smart home devices. If you’re not sure what permissions a device has, check the manufacturer’s website or contact their customer support.
11. Monitor device activity
One way to detect if a device has been hacked is to monitor its activity. Many smart home devices have activity logs that you can access to see when the device was last used and what actions were taken. You can also set up alerts for unusual activity, such as a door opening or closing at an unexpected time. Some smart home security systems also offer monitoring services that will alert you if they detect suspicious activity. You should also check your smart home device’s manual to see if you can monitor for the date and time of the last login attempt as well as whether any changes were made to the settings.
12. Use a VPN
A virtual private network (VPN) encrypts all the data privacy that’s transmitted over your internet connection, including data privacy from your smart home devices. But before we go further on this topic, we will be remiss if we do not point out that there are hundreds of VPN vendors out there but really only a handful are trustworthy. Also, a VPN is not a privacy solution since the VPN vendor can see all of your network traffic. What a VPN does is that it hides your internet behavior from your internet service provider. It also hides your public IP address from websites and online services so that you can access content and features that may not have been available in your geography. A VPN requires a piece of software called a ‘client’ to be installed on the specific devices that you wish to access content or apps from. Any time you have to install software on a device in your home, please understand that the software may be able to access several capabilities in your device as well as data security on that device. There are some VPN solutions that can be installed on your home Wi-Fi router so that you can protect all smart home devices, however, this requires more technical skill. VPNs may also slow the performance of your home network. In short, be extremely careful when selecting a VPN vendor and be very clear as to the specific uses that you have for it.
13. Secure your router
Your router is the gateway between your smart home devices and the internet, so it’s important to make sure it is at the forefront of your smart home security plan. Make sure your router’s firmware is always up to date, and change the default password to a strong, unique password. You should also disable remote management, which would allow an attacker to access your router’s settings from anywhere on the internet. It is also key to change the default DNS server setting on your router to a trusted DNS provider like Kavalan from Nandi Security.
In conclusion, as the number of smart technology devices continues to grow, it is important to ensure the privacy and security of your devices and the related apps that reside on them are critical to the overall smart home security posture. Cybersecurity, whether in the home or in the enterprise, is a risk reduction game. We need to reduce our risk as well as increase the malicious actors’ cost to attack. Remember to always research products before you buy them, keep software up to date, use strong passwords and two-factor authentication, and monitor your devices for unusual activity. The future will include devices that are embedded and probably also implanted and there is no shying away from the problem of the expanding smart home device footprint. The cyber hygiene tips above form an essential and mostly free set of actions that anyone can perform in order to reduce the risk of a security breach as well as protect your personal information and identity.