Internet of Things devices have surged in popularity in recent years, largely due to the introduction of smart assistants by companies like Amazon and Google. But along with that growth has come a huge increase in security attacks. A 2018 Symantec Internet Security Threat Report found an astonishing 600% increase in overall IoT attacks in 2017.
While that's a scary statistic, the good news is you can still enjoy having smart devices in your home. You just need to know how to secure a smart home to keep your family safe.
What Smart Home Devices Are Vulnerable?
Any IoT device is going to be vulnerable to hackers, from your Nest Hub smart display to Amazon's Alexa-friendly microwave. The real question you need to ask yourself is what's more likely to be hacked? Products like doorbell cameras, smart displays, and smart security systems are probably higher-priority targets for hackers.
What Happens When a Smart Device Gets Hacked?
A number of things can happen if one of your devices is hacked. Obviously, hackers can use cameras to spy on households, but there are other situations to worry about, as well. For instance, hackers can gain control of your router and lock it down with ransomware. And there's no guarantee you'll be able to regain control, even if you pay the ransom.
Another situation to think about involves smart thermostats. You might not be concerned with criminals hacking into those — what are they going to do, crank the heat up during summer to make you really uncomfortable? While an action like that seems like a prank, smart device incidents can be terrifying in the moment, as multiple families have learned the hard way. And more recently, researchers have spotted Kaiji malware built to attack IoT devices in order launch DDoS attacks.
Another risk lies in your routines being exposed. You've probably heard advice about not broadcasting vacation plans on social media, as thieves watch for easy targets. The same goes for smart thermostats and devices with assistants. If you set your thermostat to specific parameters involving whether you're home or not, a hacker could ostensibly get that information and plan a burglary. As for smart speakers like the Echo, if you have routines set up through Alexa and a hacker gains entry into the device, they could form a picture of your habits quite easily.
What to Consider When Researching Smart Home Devices
Sure, the many smart devices out there look neat and seem to make everyday life easier. And they definitely can! But before you buy into one of the ecosystems, consider these things about each device:
- What are the privacy policies? Can you disable features that you feel infringe on your privacy?
- Will the provider store your data or sell it to third parties?
- How are updates enabled?
If you're unable to find a clear answer to any of these questions, or if you don't like the answer you find, it's worth postponing buying the new IoT device you're eyeing.
IoT devices are partially so prone to attacks due to the simple fact that IoT security isn't a huge priority for manufacturers. Wirecutter notes that there's increasing pressure on these device manufacturers to implement better security standards and practices. Given that these measures aren't in place yet, though, the responsibility for security falls on the consumer.
Wired recently covered the IEEE Symposium on Security & Privacy, where Carnegie Mellon researchers presented a prototype of a security and privacy label, almost like a device "nutrition" label. Wired summed it up as such: "The idea is to shed light on a device's security posture but also explain how it manages user data and what privacy controls it has." Industry experts believe that having this kind of information available on packages will lead to consumers making smarter purchases regarding their technical privacy and security.
How to Secure Your Smart Home
The good news is that you don't have to avoid buying an IoT device completely. It's just important to take precautions to ensure your gadgets stay safe from prying eyes.
Norton, the well-known maker of antivirus and security software, lays out 12 tips for making your smart home more secure. That sounds like a lot, but many are probably things you're already doing, or have planned on doing.
Wirecutter recommends its own measures, but their tips overlap with Norton's and other major lists on securing smart devices. Below are the most common recommendations we saw.
Name Your Router
Default router names are often based on models, which can provide clues to hackers on what kind of device you have. So it's best to rename your router. Don't associate the name with any personal details, like your name, age, or address. This is a good time to break out amusing names, like "FBIVan" — but these are also popular, so you might not be the only one on the block with that name.
Protect Your Network
Make sure you're using passwords to protect your devices and network. And make sure those passwords are strong and unique — this isn't the time to lean on "password" or "123456" to secure your network. As Wirecutter points out, leaving your network unprotected is "the digital equivalent of leaving your front door wide open with a neon welcome sign overhead."
Wirecutter and Norton also recommend creating a guest network for your IoT devices. That way, they're isolated from your computers and smartphones, and are also easier to take offline without interrupting the entire network.
Use 2-Factor Authentication
When you set up 2-factor authentication and try to log into something protected by it, you'll be sent a 1-time use code via another device. While 2FA isn't perfect, it can vastly decrease your chances of being hacked if you use it correctly.
Keep Your Software Updated
Many manufacturers and industry experts recommend just opting into automatic updates with your devices. This means your devices will be updated to patch any security flaws or other vulnerabilities right away, before you find yourself in the midst of a problem.
Readers, do you have a smart home, or do you find smart devices untrustworthy? Let us know in the comments below!