People have embraced the concept of the smart home with open arms. Statista*, an online portal for statistics, forecasts 44.7 million smart households in 2020 alone in United States. With the smart home technology, users can literally control everything at home with a single gadget like smartphone. Lights, kitchen appliances, climate controllers, entertainment systems, door locks, security alarms, and surveillance cameras are few of the examples that can be controlled from a single device. The things, however, must be smart to become part of the smart home. Only those devices fall in the “smart” category that can be connected with other devices through some medium like the internet. Although the idea of a smart home gives peace of mind to homeowners, the concept of “connected devices” also brings fair worry in their minds. The hackers can break into someone’s home physically or virtually by compromising the smart home devices. Following is a brief overview of consequences of cyber-attacks on smart homes and how to protect your home from these cyber-attacks.
SMART HOMES SECURITY CONCERNS
The idea of smart home sounds cool, especially when the doors automatically open at your arrival, lights turn on, and the entertainment system starts playing your favorite song. But this joy can turn into a nightmare if the same devices start obeying someone else who does not own the house. One compromised computer in a network can give hackers access to other computers. Similarly, one compromised device in smart homes can give access to the entire home. Hackers may not be interested in home entertainment system or light bulbs but these devices can act as an entry point for them. By compromising these smart household devices, an attacker can escalate his privileges by getting access to your router or even a computer device that contains your financial or critically important data information. The following examples show how cybercriminals can compromise your home safety, data security, and privacy.
1) A hacker getting access to smart locks in a home can easily control the movement in a house. The cybercriminals can block the owner from entering into the house or even lock someone at home by refusing any door opening commands.
2) A smart baby monitor may contain two-way audio-video functionality to monitor infants and pass voice commands. A compromised baby monitor can allow an attacker to control these audio-video functionalities to record audios and videos of home members. By doing so, the hackers not only compromise the privacy of the home members, but they also spy on the people in the vicinity.
3) Smart assistants are intelligent devices that can respond to users’ commands, providing valuable information to the users and assisting in controlling connected devices. The number of smart assistants in 2020 shall be around 4 billion. The number of smart assistants may rise to 8 billion in 2023 (Statista**). Sometimes, people do share their sensitive information like passwords with smart assistants. From hacker’s perspective, smart assistants are low hanging fruits. Compromising a smart assistant means getting valuable sensitive information like passwords and controlling other smart devices in the vicinity that are controlled by a smart assistant.
SMART HOMES SECURITY TIPS
Almost every device in a smart home can be compromised. Some devices are more vulnerable; others are less prone to cyber-attacks. For example, outdoor devices with Wi-Fi transmitters are more susceptible to cyber-attacks than indoor smart appliances. Therefore, we can apply a different level of security, depending on the likelihood of cyber-attacks on the devices. Smart homeowners/designers can consider the following tips to enhance their smart home security.
Perform Risk-Benefit Analysis
Performing a risk-benefit analysis is probably the foremost requirement in designing a smart home. No smart device is 100% secure. Therefore it is always a good idea to compare the benefits of the devices and the associated risks. By analyzing the acceptance level of risk for a certain device makes the choice easier for smart home designers/owners.
Change Everything “Default”
Many smart home devices come with default passwords and settings. The default passwords are publically available over the internet. It is highly recommended to change these default passwords. Sometimes, it is also viable to change the default settings of smart devices to make the hacker’s job more complex.
Secure the Wi-Fi Medium
Wi-Fi is the default medium used by smart devices at homes. An insecure Wi-Fi means no security at all. Securing your Wi-Fi network should be on your priority list. Change the Wi-Fi default password, rename the access point(s), and close an open access to your Wi-Fi network. If there are many Wi-Fi users at home, try to build a separate Wi-Fi network for smart home devices.
Verify Device Authenticity
Smart homes are scalable. We can add or remove smart devices from the network. Sometimes, we replace the existing malfunctioning devices with the new ones. In all cases, make sure the newly installed devices are authentic. Many manufacturers provide online device authentication facility to the consumers.
Register Devices on the Network
Don’t allow unregistered devices to become part of smart homes. It is possible to use many smart home devices as guests. However, it is always recommended to register the devices with the network so that only authorized devices can communicate and perform within the network. Allowing guests devices to become part of smart homes can benefit the intruders in the same way. An intruder with a smart home access via guest device can easily compromise the whole network.
Use Strong Passwords
There are a number of open-source files with billions of default and easy to remember password strings. Hackers use these files in brute-force attacks. The consumers are advised to use fair length, strong alpha-numeric passwords to extend the password key size so that the brute-force attacks should not work on smart homes.
Apply Two-Step Verification
Two steps verification adds an extra layer of security to the network. Practices like out-of-band-authentication makes the hacker’s job more complex.
Limit the Devices Privileges
Different research studies show that many smart home devices are over-privileged. Devices with unnecessary privileges broaden the attack vectors for hackers. Therefore, it is important to limit the devices’ privileges to their tasks.
Update Software Regularly
As the technology evolves, manufacturers release new updates for their devices. Sometimes, these updates are patches for existing vulnerabilities. The users must keep their devices updated with new releases by the manufacturers. Some devices may get alerts from manufacturers upon a new release of updates. Others may require manual updates-check through the manufacturers’ website. In both cases, update your devices to the latest version.
Audit the Home Network
Audit your home network after a fixed period of time, no matter how secure your smart home network was at the time of installation. Sometimes, vulnerabilities reside in the network that can only be unearthed by professional security auditors.
Summary
With the emergence of technology, hackers use advanced and more sophisticated techniques to compromise smart homes. Smart homeowners are advised to draw a line between the comfort they get from smart home technology and the cyber-risks they bring into their homes in the shape of vulnerable smart gadgets.
References
Statista Smart Household Statistics*: https://www.statista.com/outlook/279/100/smart-home/worldwide
Statista Smart Assistants Statistics**: https://www.statista.com/statistics/973815/worldwide-digital-voice-assistant-in-use/