How to keep your smart home secure
Photo by Sebastian Scholz (Nuki) on Unsplash
With smart home devices becoming mainstream, here are some key security vulnerabilities to pay attention to, alongside tips for keeping your smart home ‘hacker-free’.
Everything from our phones to our watches are getting the prefix ‘smart’ these days, so why should our homes be any different? A key goal of embedding ‘intelligence’ into things and spaces is convenience, so imagine being able to toggle a light switch using your smartphone, or activating the air conditioning using just your voice. With Internet of Things (IoT)-enabled switches and sensors communicating with a connected home assistant, you could do all these and more from the comfort of your couch.
Tempting as it may be to set up a smart home, keep in mind that the increased connectivity comes with its own risks—in particular, higher exposure to cybersecurity threats. The prospects of having your ‘smart light bulbs’ locked down by ransomware is very real and could result in you having to spend the night navigating around your own home by candlelight! Here are some ways that hackers could give ‘home invasion’ a whole new meaning.
The ‘head’ of the house
If you are using IoT-enabled devices in your smart home, the odds are high that you have a smart home hub for configuring and controlling them. Being the brains of the entire system, the smart home hub is a valuable target for malicious actors since it gives them the ability to take over practically every other gadget in the house.
For example, two security researchers exploited three vulnerabilities in a smart home hub developed by a Croatian company, tricking the device into thinking that they were the homeowners. They were able to gain the highest level of access to the home’s command centre and used their illegitimately obtained privileges to open a door by releasing the smart digital lock on it.
The chink in the armour
Even if you are confident that your smart home hub is secure, it does not necessarily mean that every IoT device linked to it shares the same level of protection against cyberattacks. Often, hackers are searching for the weakest link in the chain of smart home devices, and once they’ve found it, will use it as a foothold to disrupt other networked items.
Research by Hewlett Packard has shown that 70 percent of consumer IoT devices have insecure web interfaces, which means that they had poor session management and weak default credentials—essentially a welcome mat for hackers to infiltrate home networks.
Walls have ears and hedges have eyes
Although smart devices are designed to be quiet and unobtrusive, the network traffic that they transmit and receive can be a treasure trove of insight into our personal lifestyles and habits. Even though traffic passing through these devices is usually encrypted, a hacker could take advantage of various security loopholes in the transmission protocols to decrypt the network packets and gain access to sensitive information.
Furthermore, IoT devices typically collect at least one piece of personal information and store it on board the device or sync it with a cloud server. Cybercriminals may steal this information and use it to attempt to breach other systems in your smart home.
Worrying as these security risks may be, your dream of creating a smart home need not be shelved indefinitely. Our GovTech cybersecurity specialist, Goh Jing Loon shares three concrete measures you can take to keep cybercriminals outside the gate.
1. A secure boot ensures you start on the right foot
Hackers may modify the firmware of your smart home devices so that when the device boots up, the malicious code gets executed instead of or alongside the operating system. This could result in device failure, or hand over control of the device to the malicious actor.
Therefore, when purchasing a smart home device, check if it has a smart boot function that you can enable. This ensures that the device checks the boot code and only allows trusted code which has been embedded in the device to run.
2. Move with the times and update
If you are hoping to get the most bang for your buck, then you would want to use your smart home devices for as long as possible. However, beware of outdated security protocols which could be exploited by hackers.
Ideally, you should purchase devices that are able to receive security patches. User behaviour also matters—be sure to regularly check for security updates and install them promptly.
3. Brand names do matter
There are a range of smart home devices on the market, and those from well-established brands may cost more. This premium pricing does bring some peace of mind since large and reputable tech companies are more likely to take an active role in monitoring security vulnerabilities and anticipating new ones.
Having said that, some degree of due diligence is needed on the part of the consumer—one should perform a market survey and look out for brands that are trustworthy and reliable in rolling out security updates in a timely manner.
https://www.tech.gov.sg/media/technews/how-to-keep-your-smart-home-secure