How to protect your smart home devices from hackers
In this article, I’m going to show you some easy steps you can take to protect your smart home devices from hackers.
But if you think your smart home devices are safe, then you need to think again.
In the sentences that follow I’m going to tell you a real-life story of how a smart home device was hacked.
I will also tell you two other stories of how personal data was leaked through smart home devices.
Here’s the first story…
According to an article published on fox6, Lamont and Samantha Westmoreland, A Milwaukee couple suffered a horrifying incident after their Smart Home setup was hacked by unknown intruders.
The couple had installed a Nest system, (a setup of camera, doorbell, and thermostat) in their home in 2018, and on September 7, 2019, intruders hacked the WIfi.
Samantha Westmoreland returned from work to a blazing hot home. The thermostat had been turned all the way up to 90 degrees.
She thought it was a glitch — and set it back to room temperature.
The thermostat continued to go up — and a voice began speaking from a camera in the kitchen — and then playing vulgar music.
“So I unplugged it and turned it facing the ceiling,” Westmoreland said.
Westmoreland and her husband changed their passwords, but the problems persisted.
Eventually, they contacted their internet carrier and changed their network ID.
They believe someone hacked into their Wi-Fi and then, their Nest.
Watch the video below to get the whole story
https://www.youtube.com/watch?v=w7zZwscu7j8
The second story goes like this…
On the 28 of August 2019 at exactly 11:53 p.m. GMT+1 Drew Harwell published an article in the Washington Post.
Drew reported that the doorbell-camera company Ring had forged video-sharing partnerships with more than 400 police forces across the United States, granting them access to homeowners’ camera footage
The partnerships let police request the video recorded by homeowners’ cameras within a specific time and area, helping officers see footage from the company’s millions of Internet-connected cameras installed nationwide.
Legal experts and privacy advocates have voiced alarm about the company’s eyes-everywhere ambitions and close relationship with police, saying the program could threaten civil liberties, turn residents into informants, and subject innocent people, including those who Ring users have flagged as “suspicious,” to greater surveillance and potential risk.
So now Imagine you bought a doorbell camera from Ring, your recorded video would be available to the police at any time upon request…
That would be horrible, isn’t it?
Here’s the third story — a more disturbing one
vpnMentor ‘s research team led by Noam Rotem and Ran Locar found a leak in Orvibo’s user database.
The database includes over 2 billion logs that record everything from usernames, email addresses, and passwords, to precise locations.
Orvibo is a Chinese company, based in Shenzen that manufactures 100 different smart home or smart automation products.
Look at the image below, you will see that Orbivo is collecting a large amount of data from its users such as name, email, IP, phone number, country, etc…
Look at the other Image below, you will also realize that they collect very specific geo-data, chosen family names, usernames, passwords, and the reset codes that would allow for account takeover.
The code is available for those who want to reset either their email address or password.
This means a hacker could permanently lock a user out of their account by changing first the password and then the email address
Vpnmentor found another Smart Camera log that included a message that was recorded word for word.
This opens up the possibility of a user revealing even more personal information through their account.
Now, imagine if you bought a smart mirror from Orvivo, that includes technology to show the weather and display a schedule.
… Your data would give a hacker precise information about your calendar. A bad actor could access this data and use it for all the wrong reasons.
These three scenarios demonstrate how vulnerable you and your smart devices are in the face of an attack.
This is the reason why it is very important to protect your smart home devices.
So the question now is how do you protect your smart home devices?
How to protect your smart home devices from hackers
Strengthen your Network Security
When you want to install a home network, make sure to buy a router from a reputable brand.
Follow the instructions to change the default login credentials, for example, the password and network name.
Create a strong network name. Your network name should not give any clues about your personal information since hackers can use this info to attempt a brute-force attack.
In a brute-force attack, a hacker can use trial and error tactics to decode passwords.
In some cases, the attacker will attempt to guess your password using a dictionary list of common words people use to create user credentials.
Some routers have the option of hiding the network view from the public.
The configuration is usually found in the settings menu, so make sure to hide the network view
Most routers support the ability to create several networks, with each having a unique password and username.
Create a second network and use it only for smart home purposes. This will enhance your Wi-Fi security.
It is advisable to create a guest network where family members and friends can access.
Implement Strong Password Security
Password security is the most used method for protecting smart and IoT devices. As a smart homeowner, you must take password security seriously.
Here are a few tips to help you tighten your grip on your password security.
- Use unique and hard-to-guess passwords.
- Replace the default passwords that come with new appliances.
- Use different passwords to secure different devices. If you use the same password for all your devices, hackers can easily get access to all your devices if they steal them.
- Use a password manager such as LastPass, to manage your passwords.
- Don’t share your passwords with other people
- Do not write down your passwords on pieces of papers.
- Change your passwords every month
- Use a combination of special characters, symbols, and alphanumeric (numbers and alphabets) characters when creating new passwords.
Register all your smart devices with their brands
Register your devices so that you can receive security patches and updates on time.
Some IoT devices don’t send out regular updates but it is still important to register them, You will receive information about new security issues, vulnerabilities, or bugs.
Don’t give unnecessary permissions when installing a new application on your IoT devices it can result in security risks. Hackers can use these permissions to spy on or exfiltrate your information.
Don’t install smart home devices yourself — Outsource to professionals
I know that you prefer to buy and install smart home devices yourself, while there is nothing wrong with that, it is important to note that a security professional will install and configure your smart devices with top-level security.
Security professionals will handle all the technical configuration tasks and suggest usage and maintenance strategies for an advanced security posture.
Besides, the security expert will always be available for consultations if there are any security issues.
Unplug smart home devices, not in Use
Most times you leave all your devices connected to the Internet and running, whether they are in use or not, don’t you?
This practice is not advisable because continuous connectivity means a hacker can access your devices at any time.
I know that some devices such as smart thermostats, security cameras, and smart video doorbells, are important, others like smart speakers, are not, so unplug them when they’re not in use.
Only use smart connected devices when the need arises. Offline devices cannot be accessed by cybercriminals.
Erase all information when you throw away your smart home devices
You may decide to get rid of some of your smart devices, maybe you want to sell. give away, or throw.
No matter what your reasons are, always delete all data stored in it. The most straightforward method is just to perform a factory reset.
A factory reset restores a device to its original state. If you Fail to erase all the data in your device, the next person who uses the device will be able to access your personal information.
Sometimes, the disposed of devices may still connect to other devices in your home network, thus increasing the security risks.
the disposal of devices may still connect to other devices in your home network, thus increasing the security risks.
Understand the devices before buying any
Before you buy any device, it is important for you to take the time to understand the type of device you’re buying, and the data the device can collect, the available storage and security mechanisms it has.
It is also important to check whether third-parties will be able to access the information.
Understand these factors, they will help inform you of the dangers of a device before you own it…
Set up a secure VPN service
A virtual private network is an easy way of making sure that your smart devices communicate with each other and the environment in a secure manner.
A VPN tunnels the information communication channels, masks the IP address, and hides the smart home network traffic from attackers, the internet service providers, and the government.
The VPN security protocols protect your online identity and enable encryption layers for data-in-transit.
I know you think that setting up a VPN is complicated, but a VPN service like Express VPN provides a step-by-step guide to help you
Use anti-virus security
A lot of security companies provide great anti-virus products for securing a smart home.
Most of the devices running in a smart home network lack the required computing power for running a dedicated anti-virus product.
Other devices like PCs, laptops, and tablets can run a powerful anti-virus software.
Most individuals may not classify them as smart devices, but they still connect to the same network.
Hackers can target them to gain access to private accounts or information used to run a smart home.
Using anti-virus programs where necessary is important to securing smart home systems and technologies from malware programs designed to steal data, financial information, or enable hackers to control smart home appliances remotely.
Monitor the data flows regularly
To monitor the data flows in a smart home network, it is good to answer some questions;
For example, are your devices using cloud storage to backup collected data?
If not, what are the applied protection measures, and where does the data go?
Are any of the devices sending reports regarding your music playlist or reports on how you use energy?
Some smart devices may not contain instructions to determine answers to such questions.
However, be rest assured that smart device vendors collect a lot of data, whether visible or not.
To monitor the collected data and its storage locations, identify the devices that automatically backup data to cloud storage.
The approach can help monitor some of the information collected and determine what it is used for.
Some smart appliances still don’t have a cloud storage option but still receive a lot of data.
In such cases, it is always advisable to do a little research by visiting the vendors’ websites or call them to understand the storage and security measures applied to secure your information.
Conclusion
I hope you found these security measures helpful. What other methods not mentioned in the article do you use to protect your smart home devices? Please leave a comment below and let us know.
Originally published at https://infosecreporter.com on November 18, 2020.
