- Because the internet of things market is relatively young, most smart home devices are vulnerable to security breaches.
- At the moment, smart home security measures largely depend on the vigilance of the end-user.
- Consumers should be advised to limit personal information stored in home automation gadgets.
By and large, smart home technology has arrived — including thermostats that can learn the preferred temperature settings of the family and energy-efficient lighting systems that produce a variety of ambiances.
In addition to convenience, home automation systems typically evoke a sense of security, which is especially important when you consider that 90 percent of consumers say security is among the main reasons to invest in smart home technology, according to icontrol.
It’s therefore no surprise that homeowners have already begun to outfit their abodes with Wi-Fi-enabled cameras and alarm systems. Plus, nearly 1 million homes in North America are equipped with a smart lock of some kind, and it doesn’t end there — the global smart lock industry is expected to reach 3.6 billion by the year 2019.
With all the growing interest surrounding smart home technology, it’s easy to assume that these products are impervious to security flaws. Unfortunately, that’s not entirely the case.
If you’re not familiar with the term, the internet of things (IoT) refers to the growing network of everyday devices and appliances (the coffee maker, slow cooker, HVAC, etc.) that use the internet to interact and store data. And like other online interactions, IoT gadgets are just as vulnerable to cyber-attacks and hackers.
Studies have highlighted serious security vulnerabilities in a multitude of home automation devices. Many gadgets have poor password policies while others aren’t equipped with sufficient security for their debugging interface, allowing easy access for hackers. With IoT still in its infancy, essentially any smart home device is more or less exposed to the elements.
1. Use a smart password strategy
Passwords are the first line of defense against cyber-attacks — whether it’s for internet routers, smartphones or home automation applications. For this reason, consumers should make sure their passwords are changed frequently (more than once a year).
Passwords should be long and unpredictable, preferably using a series of upper and lowercase letters, as well as numbers and special characters. Also, never use names, birthdays or addresses (and the ever-popular “password” or “1234567” are completely out of the question).
To assure they’re strong and varied, consider using a password generator. Programs like these can store passwords online (make sure they’re encrypted), allowing users to make each password unique and difficult to hack into without worrying about losing them.
To maximize password strategies, encourage clients to enable two-step authentication features. It might take a little longer to log in, but the extra time could help deter would-be hackers.
2. Review camera log history
Internet-enabled cameras and “nanny cams” are typically a hacker’s primary point of entry.
In November 2015, over 73,000 smart security cameras were hacked, and their images were unwittingly posted on the internet. The main issue? Users failed to change their passwords (remember that one?).
If tenacious hackers do manage to bypass authentication protocols, consumers should frequently check their camera logs. Many security cameras allow users to go over the history of IP addresses that have accessed the feed.
By regularly reviewing the logs, homeowners can ensure no one has infiltrated their smart cameras — whether it’s for spying purposes, leaking footage or both.
3. Use secure Wi-Fi networks
For starters, connected consumers should avoid using public Wi-Fi networks. Home automations that are connected to public Wi-Fi make it easy for hackers to procure sensitive data while no one’s the wiser. Always use a secure network or switch to a mobile data service before putting smart home technology to use.
Customers might also want to check the type of encryption that is being used by the router. Seeking devices that use Advanced Encryption Standard (AES) could help prevent hackers from discerning signals that are sent between devices and components.
Even when hackers are able to intercept the signals, they might have trouble decoding them.
In addition, setting up more than one network is never a bad idea. Segmenting smart home devices into separate networks can prevent a hacker from automatically gaining access to every device from a single security breach.
4. Choose a reputable brand
A company that’s newly tinkering with smart home technology might not be up to the task of addressing security risks. But developers that’ve been around long enough are more apt to know what makes an IoT product efficient and secure.
They’ve had time to build a reputation around their products, which has likely been vetted by consumers and possibly tested by security firms.
For instance, security intelligence companies Synack and Veracode have tested a variety of smart home products for security flaws, which resulted in a number of positive recommendations for name-brand smart home features.
It’s important to encourage consumers to focus on companies that are as committed to the security of their products as they are to their products. And of course it never hurts to inquire about the security measures the company has taken before making a purchase.
5. Be prepared for a possible cyber-attack
Even with the most airtight system in place, it would be rash to guarantee that security measures could never be compromised, and it’s important that users are prepared for the possibility.
Clients should be advised to limit any personal information stored in home automation devices to mitigate the damage inflicted by a potential security breach. And as mentioned before, all transferred data should be encrypted.
If a system has been hacked, immediately change passwords, contact credit card companies, banks and credit bureaus — and document everything. Once the extent of the cyber-attack has been determined, file a police report as an official record to help combat identity theft.
The convenience and freedom of IoT also comes with inherent security risks. Smart home technology is developing at a rapid rate, and it’s projected that the average family in 2022 will have over 500 home automation features, according to Gartner, a technology research firm.
As the ecosystem of IoT continues to evolve, security is quickly scaling the totem pole for both developers and public authorities. In the meantime, homebuying clients should always be made aware of potential threats and how to effectively respond to them as they continue to adopt this exciting new technology.
Arun Ganesan serves as Vice President and Chief Technology Officer at Esurance, where he’s responsible for data management, cyber security, business intelligence, infrastructure and operations.