Protect your smart home from hackers

Every so often, a news story breaks that makes us rethink the technology we allow into our lives.  Like this one, from the Chicago Tribune, February 8th, 2019:

Arjun and Jessica Sud routinely use a baby monitor to keep tabs on their 7-month-old’s bedroom. Last month, they heard something chilling through the monitor: A deep male voice was speaking to their child.

“Immediately I barge into the room because I’m like, ‘Oh my God, maybe someone got in there,’” said Arjun Sud, 29. “The moment I walk in, it’s quiet.”

The couple grabbed their son, now fully awake, and headed downstairs. When they passed their Nest thermostat, normally set around 72 degrees, they noticed it had been turned up to 90. Then, the voice was back, coming through the speaker in a downstairs security camera. And this time, it was talking to them.

The voice was rude and vulgar, using the n-word and cursing, he said. At first, he yelled back. But then, Sud composed himself and stared into the camera.

“He was like, ‘Why are you looking at me? I see you watching me,’ ” Sud said. “That’s when I started to question him back.”

The Lake Barrington, Ill., family’s Nest cameras and thermostat had been hacked.

The extent of the damage for Arjun, Jessica, and their baby was merely psychological in nature.  Still, the couple might be justified in asking themselves: are smart home devices safe?

If you’re asking yourself that same question, the following article will outline steps anyone can take to minimize the risk of smart home hacking.  By the end, you’ll have the knowledge necessary to ensure that your devices make your life easier, not more worrisome.

Weighing Risk

Anyone concerned with smart home security should understand the following truisms:

  1. Any device connected to the internet can be hacked.
  2. Smart home hacks are very rare.
  3. By configuring your home network, you can maximize the security of all your smart devices.

You may think: why bring internet-connected devices into my home, if they introduce security and privacy risks that non-connected devices don’t?  The answer to this question is simple. Do you own a computer? A mobile phone? What about a car built in the last twenty years? We take on minor cyber risks every day because the benefits of modern technology far outweigh the costs.

Smart home devices improve our daily lives in all sorts of ways, at relatively little cost.  The prospect of a hacked smart device is rather scary, but also very unlikely as compared to your phone and computer.  Think about it for a moment: hackers are people too, with motivations for what they do. Your phone and laptop contain personal identification information, bank and credit card numbers, and a whole slew of other valuable data.  Your smart thermostat, on the other hand, is about as valuable to a hacker as that hacker’s thermostat is to you. This is part of the reason why smart device hacks are so rare.

Still, your home should be a sacred, safe space.  We can both accept the precept that smart home hacks are extremely rare events, yet still feel that they should be guarded against.  And the first step towards securing your smart home is to secure your wireless network.

How to Secure Your Home Network

A “smart home” isn’t one, physical thing–it’s many different, individual things running over a shared network.  Your home Wi-Fi network is the first and most important component to your smart home’s operation, because it’s what connects everything to everything else.  But this convenience and efficiency comes at a price. I’ll use an analogy, to explain:

Most of the time, birthday parties are fun–everybody has a good time, talks to each other, and lives happily.  Sometimes, someone doesn’t have fun at the party–maybe they just got bad news, or drank a little too much. Usually, that person’s bad mood will affect only them, and maybe a few people around them.  The party goes on. However, if the birthday girl is in a bad mood it’s an entirely different matter. They’re the focal point of attention, the glue holding the party together, and the only person who’s friends with every person in the room.  Therefore, when the birthday girl has a bad time, the entire party suffers.

In cyber security, we might refer to a sad birthday girl as a “single point of failure”–a component whose failure causes an entire system to fail with it.  By connecting all of your devices with one another, your home network is what allows your home to be “smart”. But because it connects all your devices with one another, it is also a single point of failure.  If it goes down or, worse, becomes compromised, everything else falls with it. Therefore, your network is the first and most vital place to begin your quest for security.

Here, below, are some starting tips, to help you protect your home network:

Enable WPA2 wireless encryption

In the absence of encryption, a hacker tapping into your home internet could read the data streaming in and out of your devices as easily as you’re reading this sentence right now.  By enabling your router to encrypt your data, al4sm 09u3jnodfs5 lcv-f0s9 jf89jio kiuow9058t 894uw. You see?

Set up a specific network for IOT devices

Of all the devices you own, none are more vulnerable than the one in your pocket and on your desk.  Computers you use to access websites, open emails and otherwise engage with the internet have any number of ways of contracting malicious programs, unlike your smart devices, which have more limited functions and predetermined processes.  Therefore, it’s best practice to maintain separate networks–one that you use actively, one that your IoT devices use. Most Wi-Fi routers allow you to set up multiple networks to keep your internet traffic separate from your home automation device traffic.

Disable Wi-Fi Protected Setup

Wi-Fi Protected Setup is a network security standard invented in 2006, that was discovered to be majorly flawed in December 2011 when a researcher discovered it can be broken via a sheer brute force attack.

Disable cloud-based router management

Cloud-based tools allow you to manage your network remotely, but in the wrong hands, might allow a hacker to do the same.

Install the newest firmware and set the router to automatically update

Companies regularly release updates to your devices as new threats arise and engineers write the code to combat them.  By configuring your devices to automatically update, you’ll save yourself the effort of updating manually, while keeping your protections as up-to-date as possible.

Disable remote administrator access

Enabling remote administrator access allows for the ability to log into your home network, without being physically nearby.  An easy cheat tool for a hacker located many miles away.

Disable UPnP

(although, you may need to temporarily enable it to install a new device)

Universal Plug and Play is a Windows network protocol that allows devices operating over a shared network to discover one another.  The problem: the program assumes, by default, that any and all devices over the network are trustworthy. It comes set with no authentication mechanism, leaving routers and firewalls vulnerable to attack from a device that is not yours.  It is safe to temporarily enable this feature to set up your devices, but you should turn it off once your setup is complete.

Other Steps You Can Take

Smart devices tend to be closed systems, not subject to tinkering or modifying.  Still, there are precautions you can take with them that will help keep the standard of security in your home high.  For example, just as you do with your laptop and phone, it’s important to set and maintain good, diverse passwords as they apply to your smart devices.  This may be the single most important step you can take towards cyber security, and doing so requires no technical knowledge.

As with your food, your car or anything else in your life, it’s important to purchase your devices from reputable companies.  Look for recognized names, and good reviews online from customers or reputable websites. Smaller players in the IoT market might offer equally good or even better products than their larger competitors, just don’t buy a cheap security camera from an unknown manufacturer.  

Editor’s Note: only recommends products from well-known manufacturers.

Speaking of security cameras, it’s worth noting that not all smart devices should concern you to the same extent.  As mentioned earlier in this article, there’s little value to hacking someone’s toaster, refrigerator or baby monitor.  However, breaking a security camera, or a smart lock, could be very valuable to the right criminal. It’s a very unlikely scenario we’re alluding to here, but because of the nature of those more sensitive devices, it’s worth thinking twice before purchasing, say, a smart lock for your front door.  If you are interested in a smart lock, perhaps it would be best paired with a physical lock. Just to be safe.

Rethinking Security

Anybody in possession of an internet-connected device should be looking to minimize their risk of exposure.  In implementing the steps outlined above, you’ll be able to rest easier at night.

Still, security exists along a spectrum–you can’t be completely protected, only more or less so.  That’s because, no matter how well-armored your devices may be, they’re still built and operated by humans.  Humans, who unintentionally build and configure our machines in such a way as to leave them exposed, who fail to read privacy policies, and fall victim to phishing attacks.

Arjun and Jessica Sud are well justified in spending their time worrying about their child, rather than their tech.  If you’re concerned about befalling the same fate as they did, however, it’s worth noting how their hacker actually broke in.  He managed to get in not because of a deficiency with the baby monitor itself, but as a result of a vulnerability in the Sud’s home network.  Had they received proper advisement, such an event–already extremely rare, almost one of a kind in this case–likely would not have occurred.

Luckily, for all our human failures, companies are already taking extensive measures to ensure a high level of security in their smart products.  Oftentimes, for example, developers will publish “bounties” for anyone who can hack into their machines. In fact, there is an entire class of hackers–called “white hats”–who engage in no criminal behavior, and instead use their powers for common good.  White hat hackers will find security holes even before the release of a new product, allowing less liability for the manufacturer and greater protection for you.

None of us are perfectly secure because none of us are perfect; we can only do our best to compensate.  By caring about security–by reading this article–you’re miles ahead of the pack.