Did you know that over 30 billion smart home devices will be in place in homes worldwide, a truly staggering number.
While continuing the explosive growth, it's great news for consumers and manufacturers. However, increasing the connectivity comes the obvious IoT security threats.
We’ll look today at how your smart home might be vulnerable to attack. This is not an alarmist look at improbable outcomes, but a straightforward breakdown of some of the drawbacks of the Internet of Things (IoT).
The good news?We also have some simple countermeasures to help you fight back. Here at SmartHome, we’re all about bringing you solutions and making your life easier every step of the way through your connected home.
Is Your Smart Home Vulnerable?
Unfortunately, while IoT devices are remarkably convenient, they offer cybercriminals yet another point of entry into your home.
Digital assistants have invaded homes worldwide in the form of Echo and Google Home devices. If you’ve shared sensitive information like passwords or bank details, they could be compromised in the event of any form of digital intrusion.
The same goes for smart WiFi thermostats since they often come with Home/Away modes, making it plain to a hacker when you’re out of town.
Is your baby monitor vulnerable to someone who wants to hijack your webcam? Maybe. Like many of the threats we’ll be highlighting, this is improbable but that doesn’t make it impossible. We’ll look at how individual devices could be susceptible to IoT security threats.
Cybercriminals can gain access to your smart home through malware. Last year, the VPNFilter Malware infected 500,000 routers across 50 countries, so this threat is clear and present. At the lowest level, you might find network traffic to be congested or blocked. This malware can also steal your passwords and collect other information through your router. Symantec offers a free online tool to check your router against this infection.
Back in 2016, the Mirai botnet hijacked the power of hundreds of thousands of IoT devices, so as to launch larger-scale cyberattacks on PayPal, Netflix, and Spotify.
These are just a few ways in which your smart home could potentially be penetrated. We’ll move now to a basic blueprint for making your smart home safer and how to keep it protected from IoT security threats.
Why Are Smart Homes Vulnerable?
The root issue is that most connected devices don’t place a premium on baked-in security. Routers and cameras, in particular, are among the most attractive targets for hackers since they’re relatively insecure.
Often, the default passwords – these can sometimes and inexcusably be hardcoded – are weak and easy to exploit.
Systems are not hardened, and often there is poor provision made for updating software.
What can you do about this, though?
General Guidance For Ensuring Strong IoT Security
A strong smart home begins with a secure WiFi network, so think about these simple steps to ramp up security.
- Get Cryptic with Your Network Name: The default name of your router displayed is often all a hacker needs to determine its make and model. From there, accessing your devices is simple. Rename it giving no clue whatsoever to help any wrongdoer on their way
- Set Up a Guest Network: This is not a slight against friends and family, but a simple security measure worth implementing. No guest needs full access to your network. And let’s face it if you have teens with a houseful of random visitors, how do you know whether they’re really friends with your kids or just acquaintances? Guest networks are easy to set up and provide basic Internet privileges without compromising anything sensitive. Don’t feel guilty about this.
- Immediately Change Default Credentials: Most devices come with standardized usernames and codes. It doesn’t take much digging for a hacker to make use of these credentials. Change them to something strong using numbers and symbols. Avoid using the same password you use elsewhere
- Keep Software and Firmware Updated: Rather than dismissing those notifications to update software and firmware, take action. It might stop you in your tracks for a few minutes but could very well lead to an IoT security patch or valuable improvement. So, don’t skip the updates.
- Reset Router Frequently: You don’t need to go over the top here, but an occasional reset can minimize the chance of VPNFilter Malware taking over your router. This takes next to no time and is worth doing every couple of weeks.
- Thin Out Default Settings for IoT Devices: The majority of IoT devices come with pretty much every feature activated. Remote access? Handy if you use it, but a security risk if you don’t. Take a few minutes to scour through the settings and disable those that don’t serve you.
- Activate Two-Factor Authentication: While receiving a code pinged to your smartphone when logging in might seem like a hassle you don’t need, but adding this extra layer of authentication is well worth the minor inconvenience.
- Avoid Public WiFi for Remote Device Management: It might be tempting to use a public WiFi network when you’re out and about to manage your smart devices. It’s a bum move for obvious reasons. If you insist on using public WiFi, be aware of the risks. You can mitigate them to some extent by using a VPN, but our advice is not to use these unsecured networks at all for device management
3 General Threats and How To Fight Back
We’ll look at 3 threats to the IoT security of your connected home, along with some simple pointers on protecting yourself:
- Privacy, Data, and Identity Theft
- Device Hijacking
- PDoS Attack
1) Privacy, Data, and Identity Theft
From smart devices and appliances through to wearables, a significant amount of data is collected in the smart home of 2019.
Unfortunately, this can be exploited if it falls into the wrong hands for fraudulent transactions, or outright and deeper-seated, identity theft.
Robust authentication and encryption should keep all but the most stubborn attackers at bay. You should also pay close attention to access control.
Privacy is a huge issue these days with breaches occurring everywhere, from Facebook to online banking. Smart devices are no exception to a menacing global trend that shows no signs of abating.
2) Device Hijacking
An attacker can hijack your device and take charge of it. We’ll touch on this more fully below. Since the inherent functionality of the device appears unchanged, device hijacking can initially be tough to detect. Until, of course, your thermostat starts going haywire or your TV behaves strangely.
The inbuilt sting is that a single compromised device can infect others.
Since the threat of this type of attack is mild, you should simply double down on device ID while also making sure your access control is locked down.
3) PDoS Attack
With a Permanent Denial of Service (PDoS) attack, devices can be damaged so ruinously that they'll need a hardware replacement at best. They could possibly even need a complete replacement.
Regular security monitoring is a must and, as with other threats, pay attention to:
- Access Control
Look into a VPN our a virtual private network to secure your home Wifi systems. This article will go through 7 reasons why you need a VPN for your router. Eliminate the threats in all of your smart home devices and computers.
Vulnerabilities in Smart Devices
That suite of smart devices in your connected home undeniably streamline your life and in many ways, help to ramp up security.
What about the flip side of that coin, though?
Sadly, there are a few vulnerabilities that it pays to be aware of. We reiterate these attacks are wildly unlikely. We’re here to educate not scare you, but it pays to know as much as you can about any weaknesses in your IoT security. That way, you can remain on guard and take action when required.
Here, we’re only underscoring the potential flaws rather than looking at general security strategies and countermeasures. Following all the advice above should keep you pretty well protected.
15 Ways Hackers Can Compromise Your IoT Devices
Cameras: Smart wireless cameras are the first line of defense in any smart home security system, yet they can also be used against you in the wrong hands and can face huge IoT security threats. Hackers can get hold of serial numbers using brute force attacks. Equipped with these, they can intrude upon both video and audio feeds. It’s not out of the question that the entire network could be hijacked.
Fridges: Smart refrigerators are not cheap. As such, they’re not commonplace in the average smart home, yet they are popular enough to rate a mention. These fridges mine a great deal of data about your eating habits, so make sure you’re comfortable with that. Worse still, though, since smart refrigerators stop serving up security updates after a while, which renders your home vulnerable to digital intrusion. Hackers could also order groceries while tampering with the settings and spoiling your food
Garage Doors: While it’s incredibly convenient to arrive home and have your smart home garage door automatically open thanks to the geofencing on your smartphone, the opener collects data about your comings and goings. A tech-savvy hacker could potentially use this information to gauge when your home will be empty and ripe for plundering.
Lights: Smart lighting is one of the most common entry-points for automating your home. Unfortunately, they can also be hacked from a distance through the radio signals emitted. This might only be a question of someone messing with your smart light bulb settings, but they are nevertheless not safe from harm. In the worst scenario, your entire power system could be overburdened and brought to its knees.
Locks: Clearly, your entry system is the one area of your home you absolutely don’t want to be compromised. Many smart homes have an August Lock, Nest Yale Lock, or another popular door lock protecting their home. Unfortunately, regardless of which lock you use, Bluetooth leaves your smart lock vulnerable to hacking. You should think very closely about which type of smart lock to install, and don’t upgrade your locks unless you’re comfortable with the idea in principle. The last thing you need is to feel at risk if a regular lock and key works well for you. Spend your budget elsewhere in your home instead.
Smart Speakers: Alexa and Google Assistant are ubiquitous in smart homes the world over. Their always-on nature exposes them to more risks than the average device, though. The security risk here is more down to data collection with details of your music and TV habits, along with any conversations being collected. You need to think about your attitude toward this data mining before committing to purchase.
Smart TVs: Again, it’s data that can be used to ill intent with smart TVs. A hacker could also perhaps display inappropriate which could be embarrassing or downright distasteful if you’ve got young kids at home.
Thermostats: While there’s no acute security risk with smart WiFi thermostats, hackers are generally malevolent. Much like common street vandals, there’s often nothing but malice behind their efforts. Using the source code of the log-in page, hackers could potentially raise or lower the temperature in your smart home dramatically
Vacuum Cleaners: Robotic vacuum cleaners save you a great deal of time and effort. If hacked, though, sensitive information about the floor plan of your home could be revealed, along with general movements of residents. Are you always out at a certain time when the vacuuming is scheduled? If so, a hacker becoming aware of your vacant home could smell bad news.
Washing Machines: Smartening up your washing machine is a slick move. Bear in mind, though, hackers could exploit connectivity glitches or weak points in the mobile app to gain control of the appliances in your home.
Smart Toilets: Some with ill intent who gains access to your smart toilet could end up wasting water by tampering with the flush and bidet functionality. A water leak sensor placed underneath your toilet is an easy solution. If there is any overflow or excess amount of water around your toilet, you will be notified immediately.
Coffee Machine: You might wonder why on earth anyone who wants to tamper with your coffee machine. Unfortunately, pure malice runs beneath most hacking endeavors so don’t seek out logic where there is none. Someone accessing your smart coffee machine could mess with the brewing process or even break the machine completely.
Smartwatch: When a hacker gains access to your smartwatch, they can end up spoofing other devices hooked up to the wearable with the express intention of stealing data.
While these IoT security threats can be daunting and problematic, they can also be prevented. Just remember to take the necessary steps to protect your home and IoT devices, and you should remain unbothered by hackers.
A connected home is great, but make sure you have a secure connected home.
Next week, we’ll be rolling out more of the latest smart home news, along with a glimpse at some of the most innovative products to add to your arsenal. Bookmark our blog, follow us on social media and come back soon!