Ask a smart home owner, “is your home secure?” and you'll get either a shrug or a thumbs-up.
One answer is apathetic, the other answer is ignorant, and both are completely wrong.
Your smart home is not safe.
The Illusion of Safety
Internet-of-things powered-homes have made being a homeowner ridiculously easy. Smart thermostats and lighting efficiently heat and cool while reducing costs, smart alarm systems and locks make safety convenient without compromising protection, and smart home assistants such as Google Home and Amazon Echo keep everything connected from one voice controlled tool.
But while you can't deny the advantage of decking your home out in smart devices, neither can you deny the fact that smart home security is still in its infancy. A January 2016 study by Accenture reported that 47% of those surveyed said they didn't buy smart devices due to privacy and security concerns. The same report cited that 18% of customers returned their devices out of fear of being hacked.
One major concern lies with the ‘listening' features of smart organizers like the Amazon Echo and Google Home. In January of 2017, an Arkansas homicide case made international headlines when police requested the recordings from a home's Amazon Echo to serve as evidence. While Amazon vehemently fought against releasing the recordings, the accused voluntarily turned over his device to investigators to assist in his own defence.
It's official: Alexa is always listening.
(Credit: Private WIFI)
Even more disturbing than mere privacy concerns is how vulnerable technology makes the average homeowner. Unsecured wi-fi connections provide hackers with a near-undetectable back door into a home network – making a network break-in a lot less obvious than a physical one.
Compromised Third-party Integrations
One of the beautiful things about using smart home technology is the sheer number of integrations that make it possible to easily run unique and complex automation routines. However, the majority of these third-party integrations don't have good security—if they have any security at all. This opens up your home network to hacking threats from multiple sources.
Beware the Botnet
For the uninitiated, botnets are the malicious connection of devices for use in cyber attacks, data theft, spam, and other illegal or unauthorized purposes like mining crypto-currencies.
Bots are created when a device is infected by malware and subsequently put under control by a botnet owner. As connected devices with little to no built-in security software or equipment, smart devices are becoming increasingly common components of illegal botnets.
So with all of these impending threats to your personal network's safety, integrity and security, are smart homes still worth it?
Absolutely! But only if you take the proper precautions.
Step 1: Secure Your Wi-Fi/Router
Everything in your smart home is connected through your router, which acts as a central access point in and out of your home. Regardless of whether your home is fully connected, or you are just dabbling with one smart device, your router is where you should start with your security efforts.
Your router provides basic firewall protection against unwelcome traffic through Network Address Translation (NAT) routing and port filtering. An effective router will take care of much of the security risks, but you'll want to ensure that you have the best router available. You'll also need to change your router password from the factory-issued default to a unique password phrase.
For a complete guide to router security and safety, check out the Field Guide on How to Keep Your Home Wi-Fi Safe from Hackers.
Your Wi-Fi Protected Access (WPA2) encryption protocol should be turned on when setting up your Wi-Fi, and ensure that your password is different from your abovementioned router password. If you're unsure how to do this, visit your provider's website and search for “how to change Wi-Fi password.”
Step 2: Research your Smart Devices and Choose Effectively
Security should be a major factor in choosing the right smart device. Some smart device providers go the extra step of encrypting locally and via the cloud, which further assists in reducing the risk of a breach.
To limit vulnerability from third-party integrations, look for smart devices with native Apps, particularly those that integrate with reputable partners. These are measures we've implemented in our own Mysa smart thermostat.
In terms of botnet protection, some devices will implement additional security features to prevent from unauthorized processes working on the device. This may include encryption of local/stored data, SSL certificates, and other features that beef up security. Some devices like the Mysa smart thermostat also implement secure-boot, which prevents units from running any unauthorized processes.
For more information about securing your devices against botnets and other threats, take a look at this article.
For the smart tools you already own, carefully review their capabilities. If you are uncomfortable with some features, you may have the ability to disable them. To do so, search the settings menu to modify the privacy settings. While there is little that can be done in terms of smart home assistant listening protocols, other devices can still be configured for greater privacy.
Step 3: Secure your Smartphone and/or Tablet
According to a 2015 Norton Cybersecurity Insights Report, 33% of users don't use passcodes to lock their smartphones. Since your smart devices are controlled by your smartphone, your phone can become a key entry point to your home. If your unsecured phone fell into the hands of a criminal, your smart locks and security system would easily be accessed and compromised.
Set a password on your phone, and be sure to lock it if leaving it in an area unattended (or better still, don't leave it unattended at all!)
While not exclusive to smart devices, installing security software is also a crucial step to keeping your computer, smartphone and tablet safe. Even the most protected routers, computers, and devices are vulnerable to malware out of the box.
So while smart devices and homes are vulnerable to attack, the good news is that you can improve your security with a little bit of research and effort. The more knowledgeable you are about your risks and vulnerabilities, the better you can prepare and mitigate, and the more you'll enjoy the benefits of your connected home.