The dangers of a Smart home

The dangers of a Smart home

10th July 2019

As new smart devices arrive on the market, they promise to make life easier and to help our lives run more efficiently. Whilst they are typically aimed at busy professionals, they are now present in a wide variety of homes. Whether you are using a digital assistant to record your shopping list or automatic lights controlled through a smart system, all of these functions are vulnerable and could be controlled by an unauthorised person from outside your home. As technology advances, it does come with some risks. Our homes, once considered our sanctuary, can no longer be considered a safe place as we allow more and more of these devices into our lives.

Smart, internet technology is growing hugely in popularity and becoming more commonplace in the home, so it is important that you learn how to secure all of the new, connected devices. If your home contains smart devices that are connected to the internet, then you must ensure that you have adequate protection in order to keep your family safe. The consequences of not protecting these devices could be potentially devastating. Not only could attackers steal your data for identify fraud or to make unauthorised purchases, but you are also opening your family up to instances of child exploitation, such as grooming.

The Internet of Things (IoT) is the term given to all of the appliances and devices that connect to the internet within your home, and this can include anything from digital doorbells to washing machines and kettles. There are also apps which can control everything from your oven to your home heating. All of these products are a potential doorway for a cyber attack to penetrate your home network. However, whilst there is a feeling of distrust with these devices, people are just not prepared to give them up as they feel the benefits outweigh the negatives. It is possible to use these devices and keep yourself safe, you don’t just have to accept the negative consequences. You have the power to secure your home, with just a few simple steps.

Your first step should be to ensure that your router is protected. It is recommended that you change the default router name (SSID) and security password in the settings.

The router in your home is the gateway into your network. Your first step should be to ensure that this important equipment is protected. It is recommended that you change the default router name (SSID) and security password in the settings. You can usually find the method for this in the product instruction manual. Set it up with a name that doesn’t give away any personal information such as your family name, as well as a complex password with at least 8 characters consisting of upper and lower case letters, numbers and symbols. Ensure you avoid common or easily guessable passwords and that it is kept safely away from the router itself. In fact, it is advisable to change the password on any internet connected device, if possible. Often devices will come with an easily guessable password, such as 1234 or admin, so it is important to change these as soon as you can.

It is also essential that your router should be using a strong encryption setting, for example WPA2, rather than WPA or WEP. This ensures that any data being sent by the router is encoded securely, and that it cannot be read if any messages are intercepted. You could also consider setting up a guest network on your router, if it has that feature available. That way, when guests use your Wi-Fi it doesn’t give them access to the existing devices on your network and your IoT devices.

The next step is to make sure any software on your IoT devices is kept up to date. Manufacturers regularly send out updates to their devices or put these updates on their website for you to download. These updates help to fill any known holes in security and patch any vulnerabilities that have been identified – usually through a known attack. It is important that checking for these updates becomes a regular part of your security routines, because they are not always installed automatically as they might be for other devices such as your laptop.

Many IoT devices come with several features that the majority of people don’t actually need. For example, many have an option to control the device over the internet, from a different location, and some devices are configured to be voice-activated. Do you really need to control your smart kettle from outside your house? These features are often enabled by default, and you need to go into the settings to disable them. It isn’t always complicated, and details are usually provided on the product website, so it is worth it to keep the bad guys out of your devices. Remember, if they can find a way in to your network through one of these devices, they could get to the other devices on the same network, for example your laptop with your online banking! It is also a good idea to create your own key words to start any voice-activated devices, by changing the default wake words on the device if possible. It makes you a much harder target for burglars etc.

Often, if someone sees you have taken steps to increase security, even small steps, it puts them off and they move on to an easier target.

Carry out an audit of all the devices currently connected to your network. It is important to take into account devices such as gaming consoles, digital assistants etc. Disconnect any devices that do not currently need to be connected. It takes seconds to unplug or turn off, but drastically reduces the possible ways an attacker could get into your home. If that is impractical the other option you have is to only connect to the internet when you need to. Many smart devices are set up to be automatically always online when they don’t need to be, and they actually only need to be connected occasionally. These devices can be listening or filming you all the time, so think carefully about where you place them. If you do get hacked, and these devices are under the control of a stranger, you could find yourself a victim to threats like webcam blackmail.

If you are going to use apps to control parts of your home, make sure that you have protection on your smart phone too. You should at the very least ensure it is protected with a PIN of six digits or more, alongside any biometric authentication you have set up, but it also would be an extremely good idea to have anti-virus software installed. There are free anti-malware software programs available for you to use, which are better than nothing, but you do get what you pay for. Always buy the best anti-virus that you can afford.

You could also purchase a dedicated firewall device that plugs in to your network and stops cyber threats from reaching your router. Whilst many ISP routers do now have some firewall capability, they are no replacement for the real thing. A firewall security device can analyse the data coming in to (and out of) your network and use this information to help prevent malicious attacks.

It creates a safety barrier for your network which can be used to block risky websites and apps and help you to control what is going on within your home. This can be a fantastic option if you are concerned with the privacy of your data, as it is a great way to prevent malware and hackers from getting their hands on your information. A security device is strongly recommended to anyone who often works from home or deals with sensitive information, as your home is more likely to be a target.

If you do feel that something may be wrong with a device or that something may be affecting part of your network, you should visit the manufacturer’s website to see if there is any information or perhaps ring their technical support department. On many of these devices you can also perform a factory reset, to try and break the control someone might have over your appliance.

By Emma Davis - Head of Testing & Training

Security Checklist

  • Secure your router by changing the default router name (SSID) and security password in the settings.
  • Change the password on any connected device, particularly those which come with a default password.
  • Ensure that your router is using a strong encryption setting, such as WPA2.
  • Set up a guest network so that visitors don't join the same network as your home devices.
  • Check for regular updates on IoT devices.
  • Turn off unnecessary settings, such as controlling certain devices from outside the house.
  • Change the default wake word on voice-activated devices.
  • Disconnect any devices that do not currently need to be connected.
  • Ensure that you have protection on your smartphone, including a six-digit PIN and antivirus.