Are there any smart home devices that are completely safe from hackers? Most privacy experts believe the answer is no and that all smart homes with The Internet of Things devices (IoT) can be hacked by cybercriminals. This opinion is supported by the rise of cybercrime worldwide in almost every Internet and computer-related application.
Even though corporations are projected to spend over $60 billion U.S. dollars this year on cybersecurity, according to Statista, 53 percent of infiltration attacks go unnoticed (Mandiant Security Effectiveness Report 2020). If corporations are that porous to cybercrime, why would smart homeowners think they are more secure than global-size corporations? They are not. Smart homeowners have to take additional measures to tighten up all the loose ends when installing all smart home devices.
From 2010 to 2019, data breaches of US organizations exposed 38 billion records, according to the Risk-Based Security company. A new hacking attack occurs every 39 seconds according to Security magazine. During the first 2 sips of coffee, the next hacker attack has already taken place.
Last month’s article, “What are the Hidden Dangers of Smart Homes,” uncovered the many problems with smart homes and IoT devices. One new smart home’s device received a total of 12,807 hacks and scanning attacks in one week alone. Multiple class-action lawsuits have been filed in the US against Amazon Ring for failing to set up basic security measures in their system. Frightened families in several states were threatened verbally by separate hackers through the Amazon Ring speakers. In one of the cases, Ashley LeMay and Dylan Blakeley’s 8-year-old daughter, Alyssa, was terrified by a voice that came over the Amazon speaker in the bedroom telling her he was Santa Claus and called her a racial slur. The hacker also turned on music and lights in Alyssa’s room. However, smart homeowners can take huge steps to reduce the chance that their IoT devices will be hacked so that the smart homeowner and their assets are safe.
Thycotic is a world leader in creating Privileged Access Management systems for companies who need high-level cyber security. They surveyed criminal hackers and found 73 percent said traditional antivirus and firewall security was irrelevant or obsolete. Additionally, Thycotic found 80 percent of the hackers said, “humans are the most responsible for security breaches.” At the same time, the vast majority of the hackers said multi-factor authentication and encryption were the biggest obstacles to hacking.
The bad news is that the more IoT devices one has the more points of entry there are for criminals to break into the smart home network and secretly listen to homeowners, make video recordings of them, and steal their personal and financial data. So, after learning that, how could there be any good news? Well, as the hackers say, the owners of the systems are the biggest factor in permitting security breaches. The hackers admit that consumers can create large obstacles to hackers attempting to break into IoT devices and smart home networks. This requires the owner of a smart home to get educated about the threats and specific actions to take to make their smart home far safer than the average smart home.
The key point is that putting safety solutions in place won’t take away the overall convenience of a smart home. However, increased security may reduce the level of convenience of some smart devices.
Dr. Zahid Anwar, a faculty member at Fontbonne University in St. Louis, Missouri, is a cyber security expert. He was employed as a software engineer at the National Center for Supercomputing Applications, xFlow Research, CERN, IBM, Intel, and IBM. Below are his insights on the most vulnerable smart devices.
The riskiest smart or IoT devices have internal computers with poor or no security protocols. These include smart sprinklers, garage door openers, and wireless doorbells. Wardrivers cruising around the neighborhood can easily hack these types of devices.
Dr. Anwar says the second riskiest smart devices are those operated by smartphone or PC apps. These include smart door locks, security cameras, smart bulbs, smart thermostats, smart switches, personal home assistants, and baby monitors which have weak security tokens. Also, some of these types of devices may have command entry points left open by the vendor for maintenance.
The least risky devices are refrigerators, ovens, automatic pet feeders, and other appliances but it is still possible to hack them.
Smart devices share data when they are connected to the Internet. Hackers probe smart homes for the easiest route to access the home’s smart network. A hacker that obtains control of a smart device can then hack other devices in the home and work his way through a series of devices to obtain the kind of smart device or data he is looking for. In this way, a professional hacker can unlock doors, disable smart security systems, and more. This exposes the people in the smart home to potential identity theft, burglary, assault, or other crimes.
What are people to do? Should they avoid using smart devices? That is an option, but the trend is rapidly going in the direction of more people installing various smart devices in their homes and making them a part of their lifestyle. The solution for smart device users is to take the advice of cybersecurity experts and put safety solutions in place.
Kirby Allen runs Cybertakes.com, a “good cybersecurity practices” website. Below is a list of his easy security tips to reduce the chances that your smart devices will be hacked. Smart devices and smart home networks are complex but there are many ways to keep them secure and you safe. It may be wise to hire a professional to help you. Yet, professionals may still overlook some of these important tips below so you should participate in the installation and make sure these tips are being followed. After all, it is your safety and your assets that are at stake.
First of all, it is crucial to know that smart TVs may be risky to your privacy and security. A smart TV is always connected to the Internet and is usually connected to other smart devices in the home.
There are many confirmed reports of hackers getting control of smart TV settings and applications. Hackers have then used smart TV video cameras and microphones to spy on smart home residents. Various smart TVs also have Automatic Content Recognition (ACR) installed in them. ACR stores data on what you watch on the TV and sells that information to advertisers.
- It can be frustrating to learn that you can’t just buy a smart TV, set it up and forget it. But if security and privacy are important to you, you can’t. Fortunately, Kirby Allen provides 7 steps to make your smart TV secure. They are: 1) Disable ACR. The settings to do this for some smart TV manufacturers are diifficult to find; 2) Download the free or premium version of ESET® Smart TV Security at eset.com. This software protects the smart TV from ransomware attacks and keeps malware from getting into the smart TV; 3) Change the administrative password in the smart TV settings, if the TV allows it: 4) Keep your smart TVs’ firmware up-to-date and download new manufacture security updates when they are available; 5) Disable the smart TV camera and microphone whenever you are not using them; 6) Enable passwords and security on any smart devices connected to the smart TV; 7) Of course, confirm that the smart network the smart TV is connected to is secure.
- Buy smart devices only from companies with good reputations.
- Compare the risks and vulnerabilities to the benefits of using the device. Completely secure information technology networks do not exist no matter how big or small the system. Consider each smart device on its own merit and how necessary it is to your life and the risk it may bring into your home’s smart network.
- Design a secure Wi-Fi network. To start, this requires purchasing and properly setting up a router with high-quality security features. This will provide a safe connection to the Internet and safeguard the home’s smart devices.
- Next, change the network name on the router. The new router name should be unclear or nondescript so that is it difficult for a hacker to locate the router. Also, replace the default router password with a strong password using a mix of numbers, letters, and special characters. Most people never change the default password on their router and their other smart devices. Yet neglecting to take this step is one of the easiest ways to allow hackers to break into a smart home network.
- Make it a rule that no smart device is connected in the house until the default password of the device is changed to a strong one. Kirby Allen recommends using password managers like LastPass or Dashlane that remember passwords for you. Dashlane also has a tool to generate ultra-secure passwords.
- Register all devices with the manufacturer. Make sure you accept manufacturer software security updates that protect the devices from new risks.
- Read the permissions for each smart device app. When installing apps that are linked to smart devices do not allow any permissions that are not necessary. You can always enable permissions later. Consider security first.
- Deactivate or unplug devices that no one is using. Before vacations or work trips, determine which devices are unnecessary to be connected to the network. Smart devices that are not connected to the network cannot be accessed by hackers.
- If unsure how to properly design and install a secure smart network and smart devices, use a professional. A professional can help you understand how to best use the smart network and the devices securely.
- Reset smart devices to the factory defaults when you replace or dispose of a device on your network. This clears the data on the device. Hackers can use data left on your discarded device to penetrate your network.
These security recommendations by Kirby Allen are important to the safety of your family and assets. Remember setting up a secure system in the beginning and maintaining the security is far easier than trying to plug security vulnerabilities later after a major hack into your smart network.
Below are additional recommendations to increase the security of your smart home even more by Kaspersky, the well-respected security software, used by 400 million people and 250,000 corporations.
- Make certain that none of the smart devices can control the smart network or access your personal information (like the data in your computer, laptop, or smartphone).
- Change the passwords every six months. This will greatly increase device security. Use two-factor authentication (2FA) for all smart devices.
- On voice-activated devices like smart speakers, change the alert word from “OK Google” or “Hey Alexa” to a phrase that only you and your family know. This keeps burglars and other people from easily probing and accessing the smart network.
- Do not connect smart devices to the network unnecessarily. If you don’t use the connected functionalities of your coffee maker or oven, use the device offline.
- Turn off Universal Plug & Play (UPnP). This function is in most smart devices. It permits them to locate other smart devices and automatically share data with them.
Universal Plug & Play protocols make them susceptible to hackers, which permits hackers to control other smart devices after the first device has been hacked.
- Read the permissions for apps running on your devices. Permissions that allow an app to edit the router’s settings are a possible security threat.
- Be wary of cloud storage for devices (remember in the previous Smart Home article about the Orvibo scandal where 2 billion customer records were exposed on the Internet?) Devices that require a cloud connection for upload and download can allow hackers into that connection and give them access to your network. If you desire to use cloud technology, make sure you understand the proper precautions to take to protect your data and privacy.
Kaspersky also recommends the following procedures to protect smartphones and computers in the smart home network
- Choose the screen lock function on your smartphone so nobody can use the phone but you.
- Setup strong passwords for all smartphones and computers.
- Make sure the computers are not set to administrator or root level. This limits the damage a hacker can do to the computer system since the hacker will not have administrator privileges.
- Use firewalls on the router and all computers. Most routers have a firewall, but it must first be turned on by the user.
- If your existing router has weak security features, replace it with a router built for strong security.
- Use strong security software on computers and smartphones. This will protect them from malware and viruses. There are many security software choices, and the names of the best will appear in the top ten lists of software review sites.
- Always install security patches updates and keep the software up to date.
- Install a Virtual Private Network (VPN) on all computers, laptops, and phones. A VPN will also protect your laptop and smartphone when using public WiFi. Hackers have the same password as the rest of the users on the public WiFi so that makes everyone’s laptop or smartphone that is connected to the internet at risk to be probed and attacked by hackers unless they are shielded by a VPN. VPNs are inexpensive and easy to install. Make sure the one you choose is highly rated on multiple tech websites.
The FBI Office in Portland Oregon published an article that a smart home needs more than one network. Smart appliances and computers should not be on the same network. Private, sensitive data should be on a separate system from other smart devices.
- Ken Colburn of Data Doctors.com describes three ways separate networks can be created within a smart home. The first way, and the most expensive, is to have two separate Internet connections with each utilizing their own router. The second way is to have one router and separate Service Set Identifiers (SSID). Most new routers can be set to allow a wireless ‘guest network’, which is isolated from the primary network. The third, and most complex way, is to have two or more separate routers using a single Internet connection. Ken Colburn recommends hiring a professional for this third way unless you are quite knowledgeable in setting up routers in computer networks.
Creating separate networks makes it far more challenging for hackers to break into a smart home. For example, one network can be for smart device conveniences, another network can be for the PC and laptops, another network can be for the home business, and even another network can be for guests or repairmen to use.
Smart homes and devices are growing in popularity at a rapid rate. They make life so convenient that people just can’t help buying them. Criminal organizations, burglars, and low-level hackers understand this and see smart home technology as a rich opportunity to steal data, break into homes, or terrify people. Yet, taking the above safety tips and putting most if not all into place in your smart network will make you and your assets a much more difficult target and unlikely to experience intrusions into your smart network. In the near future, technology, laws, and consumer habits will likely improve and reduce the chances of serious hacking and crimes committed against people’s smart home networks. But the problem will likely remain in the future. Hackers will continue to use the laziness or ignorance of the smart homeowner as the easiest route to hack into a smart home network.