We have more Internet-connected devices than ever before in our homes. Appliances like TVs, video cameras, game consoles, stereos, even our light bulbs connect to WiFi to transfer data both between each other and offsite servers.
There are approximately 15 billion devices online today, and that number is expected to rise to anywhere from 50 to 200 billion over the next 4 years. In 2014, the smarthome industry alone generated $79.4 billion in revenue.
Connected devices are meant to make our lives easier, helping to monitor, analyze, and automate everyday tasks. Unfortunately, they also represent vulnerabilities that can expose more of your private life to hackers than ever before.
It’s not all bad news, however. There are steps that can be taken to keep your data and devices safe. But first you need to understand a little bit about the possible dangers and why certain defenses work.
Smart Homes and Smarter Hackers
The Internet of Things opened a lot of new lanes for startups to disrupt large, established corporations. While these startups often have innovative designs, security isn’t always a concern or possibility. Even if a device is encrypted, it’s not uncommon for vulnerabilities to be exploited. Take Samsung’s connected fridge, for example.
During the inaugural 2015 DefCon IoT hackathon, an exploit was discovered that allows a man-in-the-middle attack on Samsung’s fridge that allows someone access to your Google account information. But that was 2015 – surely things have gotten better since then right?
Wrong – at the 2016 event, the IoT Village hackathon was held for a second time and 47 new vulnerabilities were found across a wide range of connected devices from routers to smart locks and even a connected wheelchair.
To make things worse, a Canadian research team just recently created a worm that can take over Phillips Hue lightbulbs. Meanwhile the Mirai botnet source code has been made public, allowing anyone to harness the power of millions of compromised IoT devices in order to launch DDoS attacks on websites.
Security vulnerabilities are nothing new, and tech companies like Samsung, Microsoft, Google, and Sony constantly release updates to patch them. Smaller companies don’t necessarily have the resources to do this, however. While a zero-day attack on a major brand may receive immediate attention, a smaller company may never resolve these issues.
That leaves it up to the end-user to secure these devices, but exactly how to do that isn’t an easy answer.
Securing Smart Homes
Although these devices can all access the Internet, they don’t do so directly. They connect through your home network, and keeping that safe takes a combination of physical and digital security.
1. Encrypt the Router – The first step to securing your home network is to secure the router itself, which starts with changing the default username and password. It’s then necessary to enable WPA or WPA2 encryption and update the router’s firmware. In addition, MAC filtering should be utilized to ensure no unknown devices can connect.
Even with all of this enabled, it’s still necessary to monitor the physical space around your WiFi network to ensure someone isn’t accessing it with a brute force attack and MAC spoofing (both of which can be easily accomplished with free tools available online.
2. Set Up a VPN – Now that your network is secure, it’s important to keep it secure. This can get a little more complicated, especially when it comes to smart devices you’re unfamiliar with. Any time a device connects to the Internet, it provides an IP and MAC address that allow other machines to communicate with it. This is where a virtual private network comes in.
A VPN reroutes your Internet traffic through a secure tunnel that provides a layer of encryption and allows you to bring your home security with you on the go. For example, remote monitoring security cameras through a smartphone on a public network exposes your data to anyone listening to that network, but with a VPN, that data is encrypted and unreadable.
3. Secure Each Device – Of course, even a VPN has vulnerabilities. If someone takes control of your physical device, they can effectively do whatever they want. If a device is stolen, you’ll need to remote wipe it to provide a thin layer of security to the layman, but a skilled hacker can easily recover this data.
When selling or giving away a smart device, understand that the new owner could recover your personal information. When buying used equipment, know that the old owner may still have admin access and could compromise your network. Be aware of this before selling an old device or buying a used one.
4. Browse Safely – Due diligence is necessary whenever you surf the Internet. Most malware is installed on local machines through malicious weblinks and email attachments. The U.S. Computer Emergency Readiness Team warns every year that these attacks heighten during the holiday shopping season.
Only click links you trust, utilize a firewall, antivirus, and antimalware on each computer, phone, and tablet, and don’t open attachments from people you don’t know. This keeps you from compromising the security you carefully set up.
The Final Word
Connected devices are meant to make our lives easier, but they also represent a threat to our online security. Our phones, fridges, TVs, and light bulbs have already been used in coordinated attacks on some of the Internet’s most popular websites. They can also be used to access personal networks and compromise data.
This doesn’t mean we should avoid technology – the benefits are too great. Instead, we need to focus on keeping these devices secure. Encryption, VPNs, security software, and due diligence make these attacks less likely and provide a layer of protection like locking your door when you’re not home.
With a focus on security, you can rest easy knowing your smart home is resistant to attack from the unknown depths of the Internet.