Is Your Smart Home Dangerous?

Your smart home can turn on you – Be afraid. Be very afraid…

These days, even Boomers have a home that’s smart to some extent. It doesn’t seem unusual anymore to tell your refrigerator to add milk to the digital grocery list.

People are ‘smartening up’ their residences for convenience and efficiency. You can control your lights and thermostat with a smartphone app, which means no more driving home through 100-degree weather and then waiting for the A/C to kick in. Having a virtual assistant like Alexa at your beck and call is also very handy.

Even as we embrace the convenience, it's essential to consider the potential risks and take proactive steps to ensure that your smart home doesn't turn against you. Most consumers with smart homes don’t have IT services, let alone a Managed Services Provider (MSP) at their disposal.

Newspaper headlines have pointed out some of the vulnerabilities of smart home technology. The New York Post ran an article titled "Locked out, hacked, told to go to bed: When Smart Homes Turn on Owners".

The article in the New York Post describes a few separate smart home nightmares. A new owner of a smart home unexpectedly got locked IN because the prior owner had left preprogrammed settings, one of which was an 11:30 pm lockdown - the home told him it was time to go to bed and locked every door in the house.

In another bizarre event, a woman was terrorized by strange lights and sounds at home. It was not necessarily the smart home’s fault - it turned out that her ex-partner was maliciously manipulating the smart technology.

The question is: How can you avoid similar experiences as your homes get smarter? Let’s explore some key strategies to protect your home and your privacy.

Who controls your smart home?

Ultimately, you do – but don’t delegate too much of your power to your devices. The smart home ringleader is a master home automation controller or smart home hub, who manages your devices like a butler overseeing the servants at an elegant estate.

Let’s look at ways to maintain firm control:

1) Secure Your Network and Wi-Fi

The foundation of any smart home technology is its network, so just as you wouldn't leave your front door wide open, don’t neglect your Wi-Fi security.

Make sure you do these things:

The default passwords that come with your devices are typically already known or are easily cracked by hackers. Change your router's default password to something strong and unique. While not commonplace, there are cases of hackers turning up the HVAC system to 100 degrees, then demanding a ransom to get control back.

Use WPA3 encryption (look for Wi-Fi 6)

Isolate your smart devices from your main network by creating a separate guest network.

On a regular basis you need to update your router's firmware to ensure that it's equipped with the latest cybersecurity patches. This can often be set up to update automatically – look for devices that do this.

2) Use Strong Device Passwords

While you set up your smart devices, change the default passwords to strong, unique ones. DO NOT using easily guessable passwords like ‘123456,’ the world’s most common and easiest to crack password. PS: using ‘654321’ is just as bad. Use a combination of upper and lower-case letters, numbers, and symbols. For added security, consider using a password manager.

3) Enable 2FA or MFA

MFA (Multi-Factor Authentication may not be available, but a lot of smart home device manufacturers offer 2FA (Two-Factor Authentication) as an extra layer of security. After entering the password, 2FA will require another step: perhaps a security question or a code sent to your mobile phone. By enabling 2FA you can keep people out, because even if they get your password, they don’t have your phone. This is true even if someone manages to guess your password. This provides an extra safeguard against unauthorized access.

4) Regularly Update your Firmware

Just as with your home or work computers and networks, regular updates are essential for fixing security vulnerabilities in your smart devices. Manufacturers release these updates to patch discovered weaknesses. Make it a habit to check for firmware updates regularly and apply them promptly. ‘Out of Date’ means ‘Up for Grabs.’

5) Choose your Devices Wisely

It’s a mistake to assume that all smart devices are created equal in terms of cybersecurity. When choosing new devices for your smart home, research the manufacturer's reputation. Look for products that have a history of prompt updates and robust security features. Avoid purchasing devices from obscure or untrusted brands. Spend the money.

6. Isolate your Most Sensitive Devices

If possible, segregate your most sensitive (and potentially dangerous) devices onto a separate network. For example, use a dedicated network for:

Smart locks

Security cameras

HVAC

and other critical devices.

Separating theses from your less critical gadgets like smart bulbs, smart litter boxes (Yes, they are out there) or speakers keeps them safer because even if a hacker compromises one network, the other devices remain secure.

7) Check your App Permissions

Many smart home apps request access to various permissions on your devices. Before granting these permissions, consider what data the app is trying to access and decide whether it's really necessary for the device's functionality. Restrict permissions to the least required for the device to operate.

8) Be Wary of Voice Assistants

Alexa CANNOT be trusted! Voice-activated assistants like Alexa and Google Assistant are incredibly convenient but can also pose privacy risks. Review your voice assistant's privacy settings. Be cautious about what information you share with them. Consider muting the microphone when you're not actively using it. This prevents unintended eavesdropping – all the data on Alexa is sent back to Amazon.

Have you ever spoken to someone about needing a new item, like a blender – and then see ads for them coincidentally pop up on your phone? Don’t trust Alexa – she’s a spy!

9) Review your Devices Regularly

You should check the status and activity of your smart devices on an ongoing basis. Look for any unusual behavior, like devices turning on or off unexpectedly or unknown devices appearing on your network. If you notice anything suspicious, investigate and take prompt action.

10) Analyze your Devices’ Data Usage

First, read your smart device's privacy policy very carefully. Get an understanding of how it uses your data. Some devices may collect and share your information with third parties (like Alexa with Amazon), so having them is akin to inviting a spy to take up residency in your home. Your collected data can be, and very often IS, used for advertising or other purposes. Make informed decisions about the devices you bring into your home.

11) Keep yourself Informed

It’s important to stay informed about the latest developments in smart home cybersecurity. You can do this by subscribing to security newsletters, following reputable tech blogs, and keeping up with news articles like the one in the New York Post. The more you know, the better equipped you'll be to protect your smart home.