So you have a smart home... now what?

So, You Have a ‘Smart Home’…Now What?

So, You Have a ‘Smart Home’…Now What? 1200 628 N2K

Written by Tim Stover, Content Developer

I am a cyber security professional. I teach cyber security for a living. 

There is, and I’m not even lying,…. Amazon’s new Ring camera drone that will fly around your house to “help you out!” Do not consider purchasing that please!   Full disclosure though, I do have an Amazon Alexa Echo, Wif-Fi door locks, Wi-Fi security system, Wi-Fi light bulbs and Wi-Fi doorbell as part of my Smart Home. 

Again…I am a cyber security professional. I teach cyber security for a living.

Also, currently for work, I am hacking smart devices like these above…I’ll give you a minute to let all of that sink in. Yes, the irony makes my head hurt too. As a tech enthusiast, I absolutely love the connectivity and convenience smart devices like these provide, but as a hacker and a cyber security professional, their vulnerabilities and privacy concerns terrify me.  

In the last five years there’s been a massive increase in smart homes, and add-on smart devices for traditional homes being sold worldwide. Though smart devices are often marketed to the tech savvy youth, the accessibility of being able to control your whole house, the lights, the door, even the temperature, just from your voice means that everyone is getting these devices regardless of technological familiarity.

So as somebody who’s a hacker, tech enthusiast, and cybersecurity teacher, let me put my brain to work and tell you how to best mitigate the vulnerabilities in smart devices. Let’s talk about how we can keep ourselves—and our data—safe!

First, let’s first define smart devices. These are usually single-purpose gadgets (like thermostats) that talk to each other and to your local network, often through Wi-Fi. Take, for instance, a toaster: originally not smart. Yet, somebody got the idea to attach a PC board (printed circuit board) to the device in order to automate your toasting process. Now your automatic toaster connects to the internet, making it a part of the IoT, or the Internet of Things. Any non-traditional computer device that connects to your wifi is a smart device, and even your toaster represents a point of vulnerability.

This is not to say to throw away your smart toaster or your Alexa enabled microwave, but instead to treat them as seriously as you would a computer. I for one love my toaster, and have taken a few steps to mitigate the vulnerabilities present in it and my other smart devices.

Step 1: Remember what a smart device is: it’s a dumb device with a circuit board. This circuit board usually contains a Wi-Fi, Bluetooth, and/or USB module. This means we can make sure the firmware is updated regularly, via most manufactured apps (like Samsung’s SmartThings). 

Step 2: Keep your smart devices on a separate network, or separate subnet from your main network. These devices need only be in contact with one another and your phone, and thus there is no reason to expose the vulnerabilities they present to your main network. Segmentation is a general cyber security best practice, but it is even more critical with smart devices.

Step 3: Read through the manual! Yes, yes, I know, I hate reading manuals too, but you need to read through the manual to change the usernames and passwords, and/or change the default PIN numbers. If you’d seen what I’ve seen online with websites that post searchable default usernames and passwords or PINs for all these devices, you’d be terrified as well. Anything is better than the default factory setting.

Step 4: Remember, all smart speakers record your conversations. Although Amazon and others say they delete non wake-worded conversations, the jaded cyber security professional in me will never fully believe that. If your smart device has the option to not be recording at all unless manually triggered, set that as your default. This works well for devices like the Echo which I keep next to my desk and I can simply press the mic to turn it on and ask about the weather. This may not be possible for all devices, so consider where you value your audio privacy the most when setting up devices.

Step 5: Monitor your network. I monitor my home network on occasion both to see what my devices are doing or if there are any strange devices laying about. I recommend knowing exactly how many devices are on your home network at any given time. 

In summary of this madness, I think as long as we take the time to learn about the devices that we have on our networks, be smart, update your firmware regularly, change default passwords, and keep tabs on things. If we do, we can sit back with our coffee and enjoy our smart devices. Just leave the flying Amazon drone camera at your home!