Do You Have Several Smart Devices at Home? Prevent Them from Being Hijacked
Hackers can use the devices to steal sensitive information or attack major websites
As more items become incorporated into the Internet of Things (IoT) and earn the label of a "smart" device, it is becoming more likely that everyone will have at least one in their house: light bulbs, thermostats, televisions, and speakers are all included. What could go wrong?
Much more than most people know. Many of these devices are turning out to be dangerously vulnerable to hacking. If that happens, attacks could go through the device to find sensitive information such as financial or health information. Hackers could even use a network of compromised devices to attack on a large scale and take down major websites, as happened in October.
Fortunately, hacks of home devices have been relatively uncommon so far. In a recent study for the Hartford Steam Boiler Inspection and Insurance Company, only 10 percent of American consumers confessed to being victims of the crime. However, these people reported experiencing losses of $1,000 to $5,000 as a result of the attacks.
"There's still this whole sort of, 'Gee whiz, it's so cool' thing that's going on" with home devices connected to the Internet according to Lee Tien, a lawyer for nonprofit Electronic Frontier Foundation. "That's also what often gets us into trouble."
As these devices grow in popularity, so will the number of attacks on them. For this reason, consumers should start learning now how to secure theirs.
Research before Buying
If you're in the market for IoT home devices like smart speakers, lighting systems, or televisions, it is usually best to go with a trusted, established brand.
According to Liviu Arsene, who works as an analyst for Bitdefender, a company that sells security hardware meant to protect smart home devices, the bigger and more well-regarded companies such as Amazon and Google have backgrounds in keeping security in mind when developing products. Before consumers buy an item, he said, they should search for it online to find out whether or not the company issues software updates regularly that fix security vulnerabilities.
It is also important that people read company privacy policies carefully. According to David Britton, a vice president in Experian's fraud and identity department, consumers should be curious regarding whether a company itself is a threat to user privacy.
"What are they capturing about you?" he said. "Is the data leaving the device? Is it being sent back to the mother ship?"
Think about the smart speakers developed by Amazon and Google. According to Amazon, the Alexa smart assistant, which is used in Echo speakers, automatically downloads software updates in order to prevent attacks from new security threats. Echo data is also uploaded to the company's servers only after people say the wake word "Alexa," which reduces the odds that it will record conversations that are not related to requests meant for Alexa.
Google stated that its Home speaker also issues software updates on a regular basis and also uses advanced security features, such as a technique disabling the speaker in the event that someone tampers with its software. According to Google, the speaker will only process speech after it detects the words "O.K. Google" or "Hey Google."
Other major brands sometimes engage in practices that may be objectionable to their customers. For instance, smart television maker Vizio hit headlines when investigative news site ProPublica revealed that the company kept detailed records of user viewing habits and shared the information with advertisers, who could then use it to figure out which other devices the user owned.
Strengthen Your WiFi Security
As the pulse of your smart home, your WiFi network could be a vulnerable focus for hackers. Britton and Arsene suggest that you connect all of your smart home devices to a WiFi network separate from the one connected to your computing devices, like your smartphone, tablet, and computer.
Doing this, said Arsene, will make it more difficult for hackers to go from infiltrating a smart device one one network to a computer on the other.
The easiest way to make a second network is to make a guest network. Many modern routers are able to host a network for any guests at your house that uses a name and password other than those used by your main network. If you quarantine your smart home devices onto a guest network, they will all be able to interact with each other, and your computing devices will be safer if any of the smart devices is hacked.
According to Britton, you can even change the router's network settings to disable broadcasting the name of the network if you are really concerned about hacking. This will make it harder for hackers driving by to find and infiltrate the network, but it will also force house guests to type in your network name and password manually when logging on to the network.
Make Your Passwords Tougher
The same security principles used for websites also apply to the IoT. You should set a strong and unique password for every device you own. If you use the same password for all of your devices and one is hacked, the others can be too.
Strong passwords can be random strings of numbers or a nonsensical phrase including numbers and special characters, such as "My favorite color is Pen1237^" or "The dog ran in ciRCles 459&."
Can't memorize your passwords? That's actually a good thing, since it means it would be hard for a hacker to figure out. Either write them down and store them in a safe place or store them in a password-managing app.
Check Your Devices Regularly for Updates
Though a reputable manufacturer will offer software updates to fix any security holes, it is often left to the consumer to keep the device updated.
Both Britton and Arsene recommend that users log into either mobile app or website for their smart devices on a regular basis and find out if there are any software updates necessary. Install all available updates immediately.
Hit the Mute Button
Security researchers particularly concerned about privacy often place a piece of tape over their computer's webcam. Even the chief executive of Facebook, Mark Zuckerberg, does it.
There is an equivalent for smart speakers: a mute button that disables the device's microphone from listening. If a device is hijacked, said Britton, muting the microphone could prevent the attacker from listening in on your conversations.
The alternative, of course, is to choose not to have any smart home devices. This was the route chosen by Tien, the Electronic Frontier Foundation's lawyer. He used to study the privacy risks of smart meters, which utility companies use to monitor users' energy consumption.
Tien said that he accepted the privacy implications of owning smartphones, but as for smart home devices?
"I think it's sort of asking to have your privacy invaded to have something like that," he said. "I'm not sure that the value of it is really all that great."