People often worry about keeping their computers, smartphones, and tablets secure from hackers and malware. But what about your smarthome devices? They can be just as susceptible as any other device on your network, even if it doesn’t seem like it.
For certain smarthome devices, like smart locks and Wi-Fi cameras, it makes a lot of sense why they would be great target for hackers. Hacking your smart lock would allow someone to break into your house without busting their way in. Hacking a camera would allow them to see if anyone’s home by taking a look at your video feed.
With other smarthome devices, like smart outlets or smart thermostats, you might think that a hacker wouldn’t care. After all, who cares if a hacker turns your lights on and off? But there’s actually a lot that a hacker could do with those devices, theoretically.
For example, if someone was able to gain temporary access to the same Wi-Fi network that one of your smart outlets is connected (either by accessing an unsecured network or through some clever social engineering), they could then get remote access to the plug and therefore your network (possibly by using a reverse SSH connection), allowing them to do as they wish from that point.
There are a ton of ways hackers could barge their way in, but again, this is just an example of what could theoretically happen. We haven’t found any significant reports of actual smarthome users getting hacked and causing significant damage on their end, but there is a much more real threat: botnets.
An unsecured device could be taken over with malware and used to participate in DDoS attacks. So while smarthome devices may not be hacked to cause you damage, they can be used to cause damage to other users. So you should secure yourself against this for the betterment of the entire internet. This is not a theoretical threat: there have been plenty of cases in which this actually happened.
Many security researchers have discovered ways to hack into various smarthome devices, including products from popular brands like SmartThings, Insteon, Philips Hue, and Ring. Thankfully, these companies have already released new firmware to patch these holes, but it’s a bit daunting to think about how easy it was to break into these devices with the right know-how. Plus, you never know what kind of security holes still exist on these devices that have yet to be discovered.
Unfortunately, most smarthome devices are designed to be easy to use, and don’t come with a ton of security features. However, you can start by seeing if any of your smarthome products are easily accessible from the internet, which opens them up to attackers.
The easiest way to check this is to use the Internet of Things Scanner, which scans your network to see if any of your devices are on Shodan. Shodan is a search engine for internet devices that are publicly accessible. You can find things like security cameras, printers, routers, and other devices—pretty much anything that connects to the internet.
Unfortunately, beyond that, there’s very little that you can do to fully protect yourself right now—it’s mostly up to the companies of the products to provide a secure interface.
However, big-name companies like Nest, Philips, and Amazon are all top brands that have reputations to uphold, so spending time and money into securing their smarthome devices is something that’s in their best interest. This doesn’t necessarily mean that the security is top-notch, as mentioned above, but it’s certainly much better than the cheap Chinese knock-off security camera that was able to get hacked a minute and a half after it was set up.
So, if you’re going to use smarthome devices, buy from reputable brands and make sure to install any security updates as soon as they come out. Your smarthome devices are updated periodically, and those updates mostly consist of bug fixes or new features, but sometimes they can contain critical security patches that you’ll want implemented ASAP.
Furthermore, be careful of what devices access your network and make sure your Wi-Fi network has a secure password in place. You likely only give out your password to your friends and family, but that repairman you gave your Wi-Fi password to seems pretty innocent, right? Maybe not.
If you want to take drastic measures, you can do something that a lot of die-hard smarthome aficionados do: put all of their smarthome devices on their own, separate network that isn’t connected to the internet, and have a main network specifically for regular devices like computers and tablets that can access the internet. You just need a second router to broadcast its own network, and avoid connecting it to a modem.
This does have some big downsides, however:
You can see why most people don’t do this—it severely decreases the usability of your devices. But, if you mostly control your devices through automation and physical smart switches, it could be a decent option. But for most people, this isn’t going to fly. In that case, the best you can do it ensure you’re buying smarthome products from reputable companies that regularly release updates and make security a priority.