As families around the world excitedly gobble up devices that connect to the Internet of Things (IoT), home life is starting to look more and more like an episode of The Jetsons. (If you’re too young to have spent Saturday mornings watching The Jetsons, this clip explains a lot about our current fascination with household technology!)
But the Jetsons never seemed to worry about the security of the devices that made their lives so easy. It’s a different story for today’s homeowners (whether you know it or not). Home IoT devices are notoriously easy to hack — and cybercriminals know it. But you don’t have to give up all of your connected devices; you just have to learn how to secure them.
What falls under the term “IoT”?
“IoT” refers to the Internet of Things and includes all of those cool, helpful, and trendy devices that rely on a connection to the internet to work. Amazon Echo and Google Home are obvious examples, but there are so many more:
- Doorbells that let you see who’s at your door via your smartphone
- Light bulbs that can be turned on and off from your smartphone, helping you save energy costs (not to mention the more fun aspects like syncing them to a playlist when you’re having a party)
- Smart locks that let you unlock your door remotely for your babysitter, dogwalker, or the Amazon delivery guy
- TVs that let you stream content from Netflix, Hulu, etc.
- Healthcare devices — from patches to ingestibles and implanted devices — that record vital signs and other information and, in some cases, transmit them to health care providers and family members.
There are even refrigerators that know when you’re out of milk (and add it to your grocery list) and diapers that let you know when your baby needs to be changed. In fact, there seems to be no end to our appetite for IoT devices: There are already more of them in use than there are people on the planet. And it’s predicted that, by 2020, there will be around three devices per person.
Unfortunately, at this point, most of them are vulnerable to attack.
Why in the world would anybody want to hack light bulbs?
Because the light bulbs themselves aren’t the real target. Once hackers access that light bulb, they have access to everything else on the same network…which for many homeowners, is everything. Including the computers that store their personal data, the passwords to their bank accounts, etc. To build on the pop culture theme, remember that all Luke needed to do to take down the Death Star was to hit one tiny exhaust port.
When it comes to security, your IoT devices are the equivalent of that exhaust port. If hackers can get into one, they can get into the whole shebang.
Is that really a thing?
Yep. One report stated that average IoT device is attacked every two minutes (and that was back in 2017). Not that all of them were successful, of course, but far too many are. Here are some of the most notorious examples:
- Back in 2016, a botnet took down huge portions of the internet, including sites like Netflix, Twitter, and CNN. That takes a lot of computing power, and, in this case, investigators determined that power came from hundreds of thousands of IoT devices — things like TVs, digital cameras and DVRs — that were hijacked without their owners’ knowledge.
- In 2014, an Ohio couple was startled awake in the middle of the night when they heard a male voice screaming, “Wake up, baby! Wake up, baby!” It turned out that someone had hacked into and taken control of their “smart” baby monitor. When they raced into their baby’s room, the camera turned toward them and started shouting obscenities.
- Another couple had a similar experience one evening when their Alexa Dot started screaming “like a child in a horror movie dream.”
- A family in Oregon received a call from one of the father’s work colleagues, letting them know that Alexa had sent him a recording of what they thought was a private conversation (fortunately, it was just about what kind of flooring to buy). An Amazon engineer was able to go through the logs and determined that it was the equivalent of a cell phone butt dial: Alexa heard certain words in a certain order and acted on what she thought was a command, even though nobody was talking to her.
And those are just a few documented examples. It’s not too hard to imagine some real nightmare scenarios:
- What if your smart smoke and carbon monoxide detectors were attacked by a Stuxnet-like virus that turned them off while all signals indicated they were still on and functioning properly?
- What if your security cameras or nanny cams were used to scout your home for valuables, so criminals would know whether to bother breaking in?
- What if a cybercriminal hacked into your smart light bulb (something that can be done in as little as three minutes) and switched it to the “home” setting, thereby telling your smart hub to turn off your alarm and unlock your doors?
None of this means you have to give up your smart home devices, but it does mean you should give some serious thought to the security risks and take steps to protect yourself and your family.
What homeowners can do to make their connected homes more secure
The easy answer? Education. There are a lot of simple things homeowners could be doing to secure their devices, but they’re not doing them because no one ever told them they should. Here are some of the most important:
- Before you purchase a new IoT device, do your homework. First, think about why you want it, and ask yourself if it’s worth the security risk. If you decide that it is, start researching the product. Some brands are more secure than others. One non-negotiable: Make sure it can be updated with software and firmware patches. Many IoT devices can’t be updated when new vulnerabilities are discovered. Those are the ones you want to leave on the shelf!
- Buy a router that allows you to set up more than one network: Newer routers often allow you to set up multiple networks. (Hint: You don’t have to stick with the router you got from your service provider.) Put your personal computers and anything else that contains sensitive data on one network, and put all of your IoT devices on another. That way, if one does get hacked, the damage will be contained.
- When you buy an IoT device, create a new password: If a device comes with default login credentials, change them right away — when you set the device up. (Don’t think you’ll do it later, once everything is in place, because you’ll probably forget.) Why is this so important? Because the default password is often the same across an entire product line, and few self-respecting criminals would pass on the opportunity to hack so many devices at once. It doesn’t even take a hacking genius to find out what the default password is — the information is often available online. So, to quote Nike, just do it.
- For both your router and all of your connected devices, install software and firmware updates as soon as they’re available, since they’re often used to fix security issues. If possible, set your device preferences so that these updates are installed automatically. In most cases, though, you’ll have to go to the manufacturer’s website to see if there are any updates available, so set yourself a reminder to check for updates on a regular basis. (Or try syncing it to the time changes, like the reminders to change the batteries in your smoke detectors.)
- Take the time to read the user’s guide. It may be boring, but it may still contain valuable information, like the fact that there are no plans to provide updates or patches (in which case I’d strongly recommend returning the device right away).
- Avoid internet cafes and other places where you have to rely on public WiFi. Cybercriminals can camp out at a table in your favorite coffee shop and gain access to the smartphone apps you use to control your IoT devices. Once they’ve done that, they can access the devices themselves — as well as every other connected device on that network.
Taking these steps will make the average connected home much more secure than it is today. For homeowners who want to take their security even further, you can find advanced steps in this white paper about security in the smart home.
Featured image credit: Jon Betts via Flickr Creative Commons license