Live Smartly Without Inviting Criminals into Your Smart Home
It’s the most wonderful time of the year! Let’s be honest, it’s mostly wonderful because we can finally receive (and give) the gifts that were on our minds throughout the year. And nowadays, more and more of the stuff underneath the wrapping paper is likely to be techy in some way, right?
How about you? Did you buy any kind of smart device this winter? A fitness tracker, a smart TV, a connected robot toy? If you treated yourself or your loved ones to some fancy IoT devices, good for you. However, at Clario, our top priority is your security and peace of mind for your digital world. So, before you connect all your shiny new gadgets to the internet, let’s talk about IoT device protection.
What are IoT devices?
Just to be on the same page, when we talk about the Internet of Things (IoT) devices, we mean devices wirelessly connected to the internet. The same goes for smart gadgets. TVs, door locks, watches, fridges, baby monitors, toys, and even cars can all be smart. Inside the house, the devices can be connected to each other and together make up a smart home.
Connection provides the appliances with a whole new set of functions. Now that they’re smart, they’re more personalized and efficient. For example, a smart thermostat can reduce your bills by warming only those rooms you’re in. A smart speaker can help you find a song you liked by uttering a single phrase.
“...And I think to myself, what a wonderful world!” Yes, the world becomes more comfy with IoT devices. But, there’s the flip side. Even the best smart home devices might bring trouble with them.
What are IoT device security risks?
The fact that smart devices can be connected to the internet and to each other is actually their weak spot when it comes to security. Even the FBI warns about the vulnerability of IoT devices . So how are criminals spoiling the party by hacking smart home devices?
1. Home entry
Ironically, gadgets created to guard your home, such as smart locks and security cameras, can be unsafe themselves.
Recently, two security researchers analyzed a popular smart home hub, Zipato, and found they could easily break in . Some attentive investigation and a few lines of code was all it took to let them command the device to open the front door lock.
Zipato got right on it and has since fixed the problem. But, who knows where the real hackers will find the next security hole?
2. Car control
Cyberattacks on IoT devices go beyond homes. If your car is connected, it can be hit too. Last summer, Belgian researchers proved they can hack a key fob of a Tesla Model S . Again, the vulnerability was soon fixed. But it makes you wonder.
Apart from stealing a vehicle, hackers in control of a smart car can do other nasty things such as tracking the owner’s location and even interfering with driving. Yikes!
Smart home gadgets equipped with cameras and microphones pose another threat. Through these devices, intruders can spy in on people in their own homes.
One of the most sensitive scenarios is the hacking of a baby monitor. Unfortunately, these cases are regularly reported in the media. Some recent cases included strangers talking to a child  and threatening to kidnap a baby .
And many other smart home devices can also be used for spying, including smart TVs, speakers, and toys. Seems like the convenience of audio control and video monitoring comes at a high price...
4. Access to home network
It’s likely that all your smart devices work within a single home network. Every new gadget connected is like a new door to your network for a hacker. What if one of these doors has a really weak lock?
Unfortunately, IoT device security standards are not unified. So by finding and attacking a weak link, criminals can get access to all the other devices on your home network. Here’s another real-life example: in January 2019, a researcher managed to get a home network login information simply by hacking a smart light bulb .
What does it mean in practice? Well, you may store sensitive documents and photos on your laptop but they’ll be within the grasp of a hacker who enters your home network. Even if you protect the computer itself with a strong password, it’s not going to make a difference.
5. Exploitation of devices
What motivates hackers most often is that they can use smart home devices for their own benefit. Here’s how that works: every smart device has a certain computational power and this is a resource criminals can capture and exploit.
Hackers typically build large networks of hacked devices called botnets. Uniting tens of thousands of machines (computers and IoT devices alike), a botnet can become really powerful. With botnets, cybercriminals can mine cryptocurrencies, send spam to millions of users, or run attacks on certain websites. Eventually, all these efforts combined can turn a real profit.
It’s usually hard to notice if a smart gadget gets hacked, although it may start working slowly or erratically or consume more energy. And while this may feel less terrible than a home invasion or full-on data theft, you don’t want your fridge working for the bad guys and joining a gang, right? You want it to behave and work hard at keeping that leftover lasagne edible. So let’s find out how to strengthen your IoT device security.
How to secure your smart home devices?
Many factors make IoT devices more vulnerable than computers and smartphones. As we’ve stated, IoT device security standards are not yet unified, and often their protection design is weak sauce. In addition, you can’t install security software directly on a smart watch or a coffee maker and it’s hard to notice that your devices are hacked.
But, there are some basic tips for better IoT device protection. We get it, you’re not a computer specialist and probably won’t spend long hours setting up elaborate protection, but please treat the following as a minimum for your security.
1. Use strong unique passwords
We all know this golden rule when it comes to our email, Facebook, or laptop passwords. Let’s treat our connected devices in the same way. You need to make sure that your router, your home Wi-Fi network, and all your smart gadgets are protected with complex passwords.
You definitely shouldn’t use the default password provided with the device. If you do, here’s how you change it.
How to change your router and Wi-Fi password
- Ideally, look into the user manual provided with the router.
- If you can’t find the manual, look up your router here. For every router model, there’s a default IP address, login, and password indicated (yes, hackers can see all this, too).
- Enter your router’s default IP address (such as 192.168.1.1) in the search bar of your browser.
- When a login window opens, enter the default login and password.
- On the following screen, find an option to change your router and your Wi-Fi network logins and passwords. These are two different pairs of credentials. Be sure to make up long and complicated passwords that you don’t use elsewhere.
How to change your smart device’s password
This is trickier, as there’s an enormous variety of smart devices with different security settings. Your best first step is to google your gadget model for details.
2. Review your app’s access permissions
If you control your smart device with a mobile app, make sure it doesn’t abuse your privacy by collecting unnecessary data. For example, your fitness tracker hardly needs access to your phone. Look through the privacy settings and turn off any excessive permissions.
How to check your app’s access permissions:
- Android: Settings -> App Settings -> Installed Apps -> Your app -> App permissions
- iOS: Settings -> Privacy -> Permission -> Check if your app is listed
The path may slightly vary depending on the version of your operating system.
3. Keep your smart devices updated
Software updates are vital for your smart gadgets’ protection as they can contain security fixes. Make sure automatic updates are turned on in the associated app. Otherwise, go to the website of the device’s manufacturer for details about updating.
4. Don’t publish your smart gadget’s model
It’s only natural if you want to boast about your wonderful new Christmas present on social media. However, we’ve just seen how easy it is to find default routers’ passwords. Similarly, hackers can search for preset passwords to smart gadgets as well as their vulnerabilities. So, if you’ve got a fancy smart home security system, don’t share the details on social media. It’s like challenging the invaders to crack it.
5. Disconnect what’s not in use
Don’t leave a smart toy connected to the web when your child isn’t playing with it. Who knows, maybe that doll left in the corner a month ago has joined the same gang as your fridge? The same goes for your smart TV, speaker, or anything that can collect information about you.
We hope our tips help you and you keep enjoying your shiny new techy presents. Now you know a bit about the benefits vs risks of the Internet of Things, check out what we call “The Internet of Us”.
Meanwhile, at Clario we’re hard at work on creating a best-in-class tech solution for your digital safety fused with expert human help 24/7. We’re eager to help and support you, so stay tuned for more updates!
We’d like to stay in touch.
We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.
Thanks for your subscription!
You’ll be the first to know about our updates. Please keep an eye on your mailbox.