Smart technology is convenient and fun to use—a lot more fun than dwelling on their security concerns. We’re here to inform you of the risks of IoT and smart home devices so you can decide for yourself whether to use them and how to boost your online security.
Here are a few devices likely in your home right now that you might not realize can make you more vulnerable to cybercrime.
[Get more privacy tips. Sign up for the ExpressVPN Blog Newsletter.]
1. Smart doorbells
A British security consultancy did a study of smart doorbells in November and found multiple security flaws that could allow hackers to steal network passwords and attack routers, thereby also hacking other connected devices. In the worst individual case, a Victure smart doorbell was found to be sending sensitive unencrypted data to servers in China.
2. Smart smoke detectors
New smart smoke detectors have useful features such as the ability to differentiate between carbon monoxide and smoke, but they also connect to and communicate with your phone through apps and can engage with other smart-home features, like making smart lights flash in case of emergency.
These features have their merits, but the interconnectivity of these devices makes them vulnerable, and they can also be used to create a distraction if there is some kind of physical break-in.
3. Smart thermostats
Smart thermostats can save us money and make our homes more environmentally friendly: They can collect information on our usage patterns and find the right times to turn off heating or air-conditioning.
However, not only are they often app-driven, giving them a link to our phones, there have been serious security issues in the past. For example, the Google Nest learning thermostat had a device firmware update mode that was designed for diagnostics and repairs but was exploitable by hackers who were able to use it to run their own software from the thermostat remotely.
4. Smart lights
Like smoke detectors, smart lights come with the dual cybersecurity concern that they can be used as a network entry point and if hacked can help to facilitate a physical crime.
5. Smart toilets
To be fair, the smart toilet is not a device that many of us are blessed with. But the fact that toilet security is even a concern speaks volumes about how far-reaching IoT devices have become in our homes.
Seven years ago, security researchers from Trustwave made a splash (no pun intended) when they revealed serious security flaws with My Satis toilets made by LIXIL that could allow a hacker to remotely open and close the toilet’s lid, activate the bidet, or flush constantly.
While this isn’t a problem that the majority of people need to lose sleep over, it provides food for thought for those who’ve gone the extra mile with their bathroom technology—and provides an instructive example that cybersecurity needs to be a priority in every room of your house.
What do attacks on IoT on smart-home devices look like?
There are various dangers or disruptions that can happen if your internet-connected appliances are hacked in isolation—for example, your thermostat being turned up or a creepy voice coming out of your security camera. But perhaps the greater concern is a successful hack into your device creates an opportunity for an attacker to gain access to your network, including, say, your laptop. Finding a place to begin to operate within that network is often the primary goal of targeting smart appliances.
If you’re working remotely, an example of a logical initial access point would be your printer, which is in direct communication with your computer, where not only might your personal data reside, but it may also connect to the corporate network of your employer. Whatever the exact case may be, the objective of a cyberattacker is to gain an initial foothold in your network. Once that happens, it opens the door for them to move laterally within it until they find their target.
It’s possible for someone skilled enough to breach the network of a large organization through a seemingly benign device like a smoke alarm and work their way into an enterprise HQ network, opening the door for DoS attacks or ransomware attacks. For an individual, the results might not be as dramatic, but the process is the same. Find a weak link to gain purchase in a network, then work towards the real target. In a home outfitted with smart devices, there are a significant number of avenues to make that happen.
Tips for securing your smart home devices
Change your device nicknames
One of the simplest tips for securing your devices is changing their nicknames on your Wi-Fi to make it unclear which one is which to anyone but you. That may sound like a rudimentary solution, and it is, but someone who’s looking to break into your network may have particular devices in mind that they see as vulnerable, and you have the ability to muddy the waters slightly.
Put your devices on separate networks
You can also keep IoT devices in your home with less sophisticated security on a separate network from your laptop or phone—or whatever devices that contain the most sensitive data or passwords. Your smart refrigerator doesn’t need to communicate with your computer to function properly, so there’s no need for them to be on the same network. This strategy cuts down on the access points to your more valuable data.
Another way to cut down on access points is to consider how “smart” you need the items in your house to be. Smart locks and doorbells feature impressive technology, but the analog versions perform their functions fine and don’t add to your cybersecurity headaches. A home assistant may seem convenient, but you were probably doing fine without one a couple of years ago. We’re not here to tell you what kind of items to fill your home with, but it’s worth mentioning that the best way to avoid some of these concerns is to decrease the size of your IoT footprint.
Read more: Is your car spying on you?