Florence Ion* says that when we purchase technology for use around the home, we might be inviting in some unwanted lodgers.
With the advent of gadgets like doorbell cameras and data-logging sensors that track your sleep, the smart home extends to even the most intimate areas of the household.
It’s great for general convenience, like knowing whether you left the heater on or locked the door behind you.
However, these connected devices also bring with them a host of security concerns.
We asked Director of Advisory CISOs at Duo Security, Wendy Nather for a reality check on what the real vulnerabilities in a smart home are.
“The most prevalent threats are automated attacks that are trying to take over devices as they would personal computers,” Ms Nather said.
“These threats often include denial-of-service attacks, cryptocurrency mining and stealing user passwords.”
Fortunately, it’s easy enough for anyone to take a few extra steps as you’re setting up your smart home to stay protected.
With Ms Nather’s help, we put together a list of things to consider.
You may already be in the habit of keeping your computer and smartphone updated, but not always apply the same prudence to smart home devices.
Every gadget that’s linked to an account and is constantly connected to the internet can be a prime target for botnets, the cause of those massive denial-of-service attacks.
It might sound like obvious advice to keep your devices updated, but that can be hard when you might not even have access to the firmware in the first place.
“Sometimes you can’t update things on your own,” Ms Nather said.
This was why you should learn how to update a new device the minute you bring it home.
One way to stay on top of firmware updates is by regularly checking the manufacturers’ websites since it can take a while to push out updates for new vulnerabilities.
Create a bookmark folder with links in your browser and check them often.
You can usually manually dig into the app settings to check for new software.
Either way, you should keep the firmware or operating system on all the devices you use in your home up-to-date.
We live in a world that’s so convenient, that there are even apps that can remember your passwords for you and generate new ones.
Ms Nather suggests using such a password manager, like LastPass or 1Password.
Both services can spit out a random alphanumeric passcode and store them for you across platforms.
Browsers are taking note too, with Safari offering a similar feature in Mojave for free.
It might sound counterintuitive, but if you still need help remembering a password, write it down in a paper notebook.
“It’s not likely that someone will break into your home to read the passwords in a book in your desk drawer,” Ms Nather said.
Some connected devices may also arrive with a factory-set username and password.
“If you can change the password from its current default, do that, and make sure to check it whenever your device is restarted,” Ms Nather said.
“Sometimes a reset will change it back to the default.”
It’s not the easiest way of configuring the smart home, but if your router can handle it, consider setting up a separate Wi-Fi network just for your smart device.
This ensures that all network traffic associated with home automation is diverted through a separate line from the one you use for your computers and mobile devices.
In the event of a denial-of-service attack, the line that’s hacked won’t be linked to sensitive information.
“Also, don’t share your Wi-Fi with your neighbours,” Ms Nather says.
Connected devices, the smart home, the internet of things — whatever you want to call it — is a relatively new category of gadgets.
You shouldn’t just buy the first thing you see on sale.
You never know what kind of vulnerabilities you’re introducing in the home through a nefarious third party, or whether the company updates its software enough.
Before you click the buy button, check out what the internet has to say about it.
Scour Amazon and Best Buy reviews (as well as ours, of course) and do a search for the product name and ‘security vulnerabilities’.
Sticking to well-known brands will also mitigate the possibility of issues later on, since the manufacturer is more likely to have the resources to invest in consistent updates.
It’s oft said, but it bears repeating: Take a look at the terms you’re signing to before you’re logging on to a new connected device.
Granted, you don’t have much control over what you’re agreeing to and it’s likely written in indistinguishable jargon, but you can look to other people’s experiences.
Inevitably, if you’re bringing a digital assistant like the Amazon Echo into your home, you’re tethering your devices to a speaker with a microphone that’s constantly listening for your commands.
It’s convenient for a hands-free household, but you might not feel so comfortable if you start to think of it as a direct line into your home.
That’s why sticking to well-known brands is imperative if you’re bringing a smart speaker into your home.
In the end, the security of your smart home relies entirely on how much research and care you take before setting up too many devices.
“As with any other type of computing, the advances in technology rush ahead of the means for securing them,” Ms Nather said.
“This means that the internet of things will tend to be just as insecure as it can possibly be before consumers clamour for change.”
To that end, it’s better to wait to adopt a new smart home gadget after it’s in its second or third generation.
* Florence Ion co-hosts @androidshow and @materialpodcast and writes about the smart home for @tomsguide, @engadget, @reviewed. She tweets at @Ohthatflo
This article first appeared at www.engadget.com.
