Once, going online meant co-opting your home’s landline. Waiting for the crackle of the dial-up connection. Watching for the cursor to change from hourglass to arrow. Now, we are never offline. The internet surrounds us, no longer a digital destination but a physical reality. Thanks to smart lightbulbs, app-controlled garage doors, and robot vacuums, we live inside the Internet of Things (IoT). Smart home technology makes life more convenient. But cyber-crime specialist Marie-Helen Maras argues, “The convenience of these devices comes at a cost, namely security.”
IoT devices collect huge amounts of data on you, and your property. The smart home boom has resulted in a marketplace of unstandardized devices, built to leverage — not protect — data. Far from it: Some devices have unintentional “backdoors” — like easily guessed default passwords — built in by the manufacturer.
Some of the security risks of wireless home security arise from system design, like default passwords. Others arise from digital bad habits, like predictable passwords. (Is your pet a recurrent feature on your social media? Does their name also unlock your security camera settings?) Improving password practices is one way to fend off hackers, but defending your smart home starts with understanding the threat.
What Hackers are After
Describing the threat posed by smart home hackers usually ends in an ellipsis. “Imagine what a cybercriminal could do with your smart oven data…” So far, the anecdotal track record of smart home hacking is petty. E.g., an online prankster turns your thermostat to 90 degrees and plays vulgar music.
Still, the potential fallout of a hacked system is serious. Probable threats include audio/visual recordings, login credentials, or other personal data being used as blackmail, or as a springboard for identity theft. Device control too is a concern. Imagined scenarios like hackers turning the oven on or the lights off are disturbing, but disabling an alarm or unlocking your front door’s smart lock are downright dangerous. Worse still, even non-smart home security systems are vulnerable to such an attack. If you have a wireless system — that is, a system that relies on radio or cellular signals and not a landline — its communications can be intercepted.
Most of us fear hacking at the personal level, but hackers’ goals can be larger scale. For instance, re-deploying many private devices’ connectivity and processing powers. A large infected network, or botnet, can power attacks on online services, like the one that kicked Twitter and Spotify offline in 2016.
Security Cameras are Vulnerable
A security camera is one of the most useful, popular, and vulnerable smart home devices. Not only do they capture and transmit audiovisual records of our private lives, but they are also easy prey for both local and remote attacks.
Hackers can access a camera locally by exploiting your camera’s tendency to automatically jump onto your network when it’s in signal range. Hackers “spoof” the camera by offering a second, stronger network with the same identifiers as your own.
To access a camera locally, the hacker must be within range of your router. Remote hacks are a bigger threat. In this method, hackers fire a mass quantity of usernames/passwords at your system until they find the right key for the lock. Credentials either come from large-scale data breaches (“credential stuffing”) or from trial-and-error guesses (“brute force”).
Take the technical precautions below to protect your wireless devices from such attacks. But because of a camera’s extra-sensitive nature, low-tech and no-tech precautions are also advised:
- Review and delete video footage regularly to ensure that sensitive material isn’t lingering in the cloud.
- Keep cameras out of private zones — bedrooms, bathrooms, and anywhere else that family members change clothes or hold personal conversations, be it the muck room or the home office.
How to Protect Your Smart Home System From Hackers
- Buy from manufacturers that release security updates. It’s tempting to go with cheap. But cheap can cost you. Trustworthy brands regularly release firmware and software updates that resolve bugs and patch security issues. Neither startups nor no-name plastic factories typically have the resources to keep up with security in the same way.
- Exercise caution with used and refurbished smart home equipment. Modifications might have been made that you couldn’t know about until it’s too late.
- Take a second look at all privacy settings. Many smart home gadgets come with data permissions set to generous limits by default.
- Protect your router, protect your network. All roads lead back to the router. An easy first step: Change the default password credentials. If it’s an option, turn on automatic security updates, or set a reminder to check for them periodically on the manufacturer’s website. Finally, adjust security settings. Choose the highest encryption setting available — either WPA3 or WPA2; never WEP or WPA — and turn off guest networking and sharing.
- Use a different password for every account. Don’t hand hackers a master key. Create a unique and — better yet — random password for every account. Data breaches have unleashed the credentials of billions of people in 2019 alone. Keeping a single strong password is better than changing it every other month from “Fluffy10” to “Fluffy11” to “Fluffy12.” A password manager comes in handy here, to both generate and securely store all those dHg37wxtz45…
- Always opt into two-factor authentication. It’s the digital equivalent of locking the door, then flipping the deadlock. Turning on two-factor authentication means that logging into your account requires you to enter in your (random! unique!) password, then a one-time password typically sent via text or email. It won’t guarantee safety, but it does make things harder for hackers.
How to Know if You’ve Been Hacked
It is almost impossible to discern if your smart home or wireless home security system has been hacked. The one telltale sign: slow performance. If your devices’ functionality suddenly takes a downturn, that’s a red flag. A hacked device is a double agent, often attempting twice the work with what is typically a modest memory capacity and computing power.
Now, a poor connection or a weak signal is a likely culprit. But a failure to perform normal operations is just about the only symptom of hacking we have, and deserves closer inspection. You can also search for compromised accounts on Have I Been Pwned?
A third of Americans bought or installed a smart home device this year, according to a 2019 Fluent survey. As smart home systems penetrate the market, the rule of thumb that the more IoT devices you have in your home, the more vulnerable you are to being hacked, will be tested on the national level. Hopefully, more devices will mean that vulnerabilities will be identified and addressed all the sooner.
For now, exercise caution, but don’t despair. The odds of your home falling prey are slim: Tales of hacked systems are pretty rare, and frequently more bizarre than dangerous.