We know that any incorrectly installed Smart Home devices are intrinsically prone to hacking. If you haven’t set up the security properly by only using default settings there’s a very good chance your device is going to be scanned and someone, somewhere, could use the weakness in your Smart Home environment to gain access to your home, steal personal data, or use your accounts to launch further DDoS attacks.
We also know that even making a minimal effort to protect your data and property by using unguessable names and strong, complex passwords will deter almost all attempts to attack your Smart Home devices. If you happen to own something of particular interest to the person who is keen to find out your access codes then they may try to probe deeper, but for the most part scans are carried out by bots testing default passwords against an array of devices in the hope that someone will have forgotten to secure them.
More Users, More Problems
The problem is that many Smart Home devices are designed to have more than one user, but not to have sporadic temporary users. And that can be a problem. Some people need or demand access to devices they don’t understand or refuse to learn how they work. This means that they get things wrong, change things which shouldn’t have been touched, which often it means having to change everything or revert to default to fix what they messed up. Do this too many times and it becomes frustrating for all the other users to get locked out all the time, so defaults become the standard that everybody uses again.
Devices such as Smart doorbells, smoke/fire detectors, thermostats and lights all require you to let everybody in the house, and an unquantifiable number of guest users to be able to access the settings, depending who lives with you and who you have visiting your home. You, your partner and your kids might be just fine getting along with all those devices just as they are, but your sister’s idiot boyfriend who burns the toast on Christmas morning, sets off the smoke alarm and panics, mashing the display panel and changing a slew of settings in his attempt to silence it is always going to be a loose cannon on deck.
Privacy Settings Let You Keep Surprises Secret
There’s more to securing your settings to just preventing people, welcome or not, accessing or changing your account. You can adjust your guest settings to prevent children seeing things that you might be interested in after they’ve gone to bed. Things such as gory horror movies and music with a lot of swearing in the lyrics for example. If it’s your partner’s birthday, or there’s a celebration coming up and you want to buy a surprise gift you may want to conceal your browsing history. And of course you don’t want people being able to access online wallets or saved shopping details.
A key point here: we recommend you don’t register your card details when offered the choice at checkout, no matter how often you use the retailer. It may save you a few keystrokes, but in the long run not only are you storing your card details on a server heaven knows where, if your phone or laptop are lost or stolen, or your kids fancy doing a bit of retail therapy, or you’re guilty of shopping while under the influence yourself, then those details are there, a temptation just waiting to be used.
Hacking into your smart home environment puts your financial and personal details at risk, and there are all kinds of chinks in the armour that you should be aware of when adding any new devices. For example, burglars used a casino’s unsecured thermometer in a fish tank to steal the data of a slew of their richest clients. Now, that’s slightly beside the point as we’re only considering the devices that your family and friends might need access to, yet it demonstrates the point that ANY vulnerability can be exploited if security isn’t always at the forefront of your thinking.
Securing Your Devices
Make sure that the only people who have access are those who really need it. This may sound obvious, but it’s easy to just hand over a device’s nickname and password to a friend who wants to come and visit for a few days, or a builder or decorator who you want to be able to come and go as they please to carry out a job without you having to be in all the time.
If you have the option on your particular device, ensure that they only have temporary access which you can revoke as soon as they no longer need it. It’s far easier to kick one person off than it is to change and update all your details for those who do need access. If temporary access isn’t an option it’s worth considering changing your log-ins down to something very basic for the duration. If it’s easy to remember then you won’t have to keep reminding people of it by writing it sown or sending it via text or email, and you can change it back to a long, complex name and password once they have left.
A Guest Network Improves Security, Who’d Have Guessed!?
Your router undoubtedly has the option for guest networks. You may not have even considered why, but a guest network is your friend when it comes to online security!
Keep your smart devices on a separate network from that which you use for your computer or phone or any other device which has access to the internet. Your Smart Home products will still get all the data they need to work properly, but they will be isolated from the World Wide Web, making it a great deal harder for hackers to access from outside. Of course there are some Smart devices which are going to need to get access to the internet, but things such as your lightbulbs or radiators don’t, and the judicious application of strong passwords will keep those which do secure.
Originally published at https://briantcomms.substack.com on September 17, 2021.