How to Keep Your Smart Home From Being Hacked

Your home security devices might not be as secure as you think

Photo of using a phone to access smart home devices.

geralt/Pixabay

 

Having a smart home is a convenience that more households enjoy every year. Unfortunately, with that convenience comes brand new dangers.

Nearly every smart home device is accessible from the internet. This is meant to provide you, the homeowner, the convenience of monitoring and controlling your home. Unfortunately it opens new doors into your home for hackers.

Can Your Smart Home Be Hacked?

If you're doubtful whether your smart home can actually be hacked by anyone, consider the fact that many smart homes already have been hacked.

  • Mirai Botnet: Leading up to 2016, hackers gradually infected thousands of home wi-fi cameras and routers with malware that stayed dormant and waited for an activation signal. The signal unleashed a massive attack that turned those smart home devices into a large bot-net. This attack used those devices to take down large websites like CNN, the Guardian, and even Twitter and Netflix.
  • Baby Monitor Security Bug: In February of 2018, Forbes reported that 50,000 MiCam baby monitors had a serious security bug that would allow hackers to intercept traffic between a parent's phone and the baby camera. The hack made it possible for hackers to see everything the baby monitors could see,
  • TRENDnet Webcam Hack: In 2012, a company called Trendnet sold SecurView cameras for consumers to use for home security and baby monitoring. Security experts discovered that user login credentials were being transmitted in plain text over the internet, giving hackers the ability to steal the credentials. This would allow attackers to view the camera and listen to its microphone.
  • Samsung SmartThings Bugs: In July of 2018, Cisco security experts revealed that they'd discovered over 20 vulnerabilities in the Samsung SmartThings Hub. These bugs could allow hackers to unlock smart locks, view smart cameras, disable motion detectors, and control home thermostats.

On the surface, it doesn't seem important if someone can access your smart home devices, since they're simply a convenience for homeowners.

However, using information gathered from these devices, criminals could learn your patterns and estimate the best timeframe to break into your home when you're not around.

This doesn't mean you should avoid using smart home devices. It just means you should purchase devices wisely, and follow a few simple rules to secure them.

Ensure Frequent Firmware Updates

Screenshot of Google Home app and website firmware.

One of the most important protections you have against hackers are the programmers who work for the companies you buy these devices from.

Whenever security bugs are discovered, programmers work quickly to patch them. The patches are then pushed out automatically to customer devices.

Unfortunately, not all consumer smart home devices offer firmware updates, so make sure to check on this before buying.

You can also ensure the firmware is the latest by checking the device or app settings and comparing to the latest firmware on the company website. The screenshot above shows the firmware on the Google Home app showing a version higher than the latest posted on the Google Home website.

Most companies "push" firmware updates automatically so you don't have to do anything. However with other smart home devices, you need to manually update firmware using the device settings or the mobile app.

Change the Device Default Password

Screenshot of D-Link website page to change password

One of the most common mistakes people make when buying smart home devices is that they set up the device and leave the default password unchanged.

In the case of some devices, like the D-Link wireless camera, there isn't even an admin password by default. This is the worst scenario, because anyone with access to your home wireless network could easily connect to the camera and see what the camera sees.

Most smart home devices let you change the default admin password on the mobile app, or the cloud based interface. This is usually found in the settings area.

The first thing you should do when you buy a smart home device is change the default admin password. Also, use a unique password that you haven't used on any other device.

A good password is your primary line of defense against hackers. Make sure to make your passwords complex and use special characters. Learn more about the rules behind crafting secure passwords.

Secure Your Home Router

Screenshot of changing a home router password

The most common path hackers take to access your smart home devices is through unsecured home routers.

This means that your first line of defense is to fully secure your router so that hackers can't use it. There are several things you should do immediately to lock down your router from hackers.

Access the default IP of your router. To find the router IP, on a Windows computer connected to your home network:

  1. Click the start menu, and type command prompt, and click to open the command prompt.
  2. Type the command ipconfig, and note the IP address of the default gateway.
  3. Open a web browser and type in the default gateway IP address.

You'll see a login screen for your home router. If you've left the password as default, you can log in using that password (check the device manufacturer website for the default password if you don't know it.)

The following are a few easy ways to make sure your router is fully secure.

  • Change the default admin password to a unique one you don't use anywhere else.
  • Enable the router firewall, and set it to either medium or high.
  • Under Advanced Settings, ensure Port Forwarding is disabled.
  • Enable Wi-Fi security and make sure the password is complex and unique.

Learn more about the proper takes to step to secure any internet router.

Be Careful with Third Party Connections

Screenshot of D-Link third party applications app.

As more smart home device manufacturers offer cloud-based solutions for accessing those devices from the web, the odds of a hacker getting access to your cloud account continues to increase.

This doesn't mean you shouldn't use cloud-base interfaces to access your devices. But it does mean you should make sure those cloud accounts are locked down with a strong password.

Unfortunately, a strong password isn't enough if you share the password with potential hackers. You may not willingly do that, but by integrating that cloud account with third-party services like IFTTT, Zapier, and others, you increase the chances of that account getting hacked.

You can reduce this risk in several ways:

  • Limit third-party access to just a few services.
  • Only integrate with reputable services like IFTTT or Zapier.
  • If possible, add the integration from the smart device app and not the third-party website.
  • Confirm the third-party service uses encryption for all transmissions to and from the service and your device.

Remember that once you open up access to a third-party service, all a hacker needs to do is hack that service, and they'll have access to your smart home device.

When you enable access for third party services, try and limit that access as much as possible. For example only allowing access to motion detection rather than a wi-fi camera video feed is a good way to maintain your smart home security.

Secure Your Mobile Phone

Mobile screenshot of Kaspersky Antivirus for Android

If a hacker can't access your home router or get access to your smart home devices through third-party cloud services, there's one more point of weakness they can exploit. Your phone.

Nearly every smart home manufacturer offers a mobile app that lets you control or monitor those devices over your in-home wireless network. If a hacker can get access to your smart phone, they can access those smart home devices.

There are easy ways to protect yourself from this line of attack.

When you use your mobile phone to access your smart home devices, it's more important than ever to take the security of your mobile phone very seriously.

Keep Critical Smart Home Devices Offline

Photo of a smart home door lock.

A common method thieves use to break into homes is to first break into your car and steal the garage door opener wireless controller. Then, once you leave for work, they use the garage door controller to open the garage and walk right into your home.

These days, as more homeowners install front door smart locks and smart garage door openers, there are other ways for thieves to get in.

If those smart devices are connected to a cloud-based account, hackers only need to hack your accound and they have access to your home. This is why if you depend on any smart home device to protect your home's physical security, it's smarter to opt out of any cloud access at all.

Buy home security smart home devices that only allow you to access them when you're connected to your home's wireless network. Better yet, buy ones that only communicate over bluetooth and require a secure password for that direct access.

Limiting access to these devices through only one path will dramatically improve your smart home security.

The Importance of Smart Home Security

The more smart home devices that enter the market, the more hackers will work hard to penetrate the security of those devices.

This is because with more homeowners depending on these devices, there are more opportunities than ever before for hackers to invade your privacy or break through your home's physical security.

Following the guidelines laid out in this article, you'll ensure that you're always one step head of the hackers who hope to do you and your family harm.