It hasn’t exactly been front-page news, but the UK government recently proposed that smart home devices, like internet-connected TVs, speakers, toys and watches, should be required to carry a security label which warns their users of how easy they are to hack.
The idea of someone hacking your smart thermostat or even a smart toaster might seem like a bit of a non-issue, and it’s easy to crack jokes about the idea of hacking someone’s kitchen equipment in order to burn their toast. But smart home devices have access to all sorts of sensitive stuff – from the payment details that automated fridge top-ups are made with, to visibility of your comings and goings through home security cameras.
Noteworthy examples of previous smart home hacks include cybercriminals who have hacked into baby monitors, and those who disabled an entire home security network and burgled the resident, all because of a weak point in the home’s smart TV security. Thanks to an overall lack of typical device security measures and the fact that most smart devices are left using default login details, using them to gain access to other parts of your home is alarmingly easy to do.
Know the risks of poorly-secured ‘smart’ devices
From spying and credit card theft to outright burglary, there are a variety of risks to leaving smart home devices unsecured.
If your Google Home assistant or Amazon Echo knows your passwords and financial information, so will anyone who gains access to that tech. Even without cameras, smart home devices like thermostats and energy meters can make it obvious when a house has been left unattended – whether that’s because you’re away on a trip, or simply have a regular time of week in which you’re out of the house.
Consider the smart tech that you and your family are using, and whether it offers access to any of the following:
- Surveillance cameras or webcams
- Speakers and microphones
- Payment and address details
- Habitual information
- Window and door locks
These are some of the most crucial things to secure, and if your devices can access any of these things, it’s important to take the same kind of security measures that you might with a smartphone or laptop.
Default login details, which can be difficult to change, are a key culprit in ‘Internet of Things’ or IoT crime. Equally, the fact that these devices rarely have any kind of antivirus, firewall or other built-in defences means they are sometimes easy pickings to a keen cybercriminal.
How to protect your home from common threats
If you’re not sure where to start with your smart home security, here are a few simple but effective tactics that it’s wise to employ.
Change default usernames and passwords
When every smart boiler and smart TV comes with the same default login as every other product of the same make and model, it’s not all that difficult for a cybercriminal to find those details and access the information on those devices. If you’re considering buying a new device that doesn’t have the option to change usernames and passwords, experts generally recommend that you think twice, and buy something else instead.
When you’re setting a new password, use something unique and complex. It can get tricky remembering a lot of different passwords, but for devices which have login screens you can use a password manager – leaving you free to just remember the passwords for home devices which don’t have that option.
Disable unnecessary features
Features like remote access to smart home devices are often enabled by default, but consider whether you need all of the available settings to be active all times. If there are features which you don’t need, but which could be misused by others – with remote access a prime example – disable them for peace of mind.
Keep software patches up to date
Though it’s primarily smartphones and computers which offer regular security updates, some smart home services will release software patches when security vulnerabilities are found. If you have the option, install these as soon as they become available.
Once a security patch has been released, an unfortunate side-effect is that keen hackers can look at the changes that have been made since the last update and use them to reverse-engineer attacks on devices that have not yet been patched. That means that if a particular known flaw has been identified and fixed in the latest update, it’s potentially even more likely to be exploited, making it crucial to patch your devices right away.
Protect your WiFi network with a router VPN
Last but not least, it’s important to secure your home’s overall connection with the internet, as well as the individual devices that are connected to it. A straightforward and increasingly common way to do this is by installing the kind of VPN app you might use on your phone or laptop, onto your router.
If you’re unfamiliar with the concept of virtual private networks, or VPNs, there’s one main thing to know. When you’re connected to the internet through a virtual private network, a layer of end-to-end encryption is added to the data that you send and receive.
Whether that’s the video and audio from your baby monitor or the payment details on your Google Home, encrypting your data means that if a hacker does try to intercept, they won’t be able to make heads or tails of what they’re seeing. All they’ll get are a load of seemingly nonsensical encryption keys – strings of alphanumeric code that can only be cracked by the intended recipient.
VPNs have other uses, like keeping your browsing details private and helping you to access region-locked content or shopping discounts, but in terms of home security, the main reason they’re a helping hand is that they stop third parties from being able to view your personal stuff.
The future of smart home security
With the UK government putting pressure on device creators to take responsibility for how secure they are, we can be optimistic that things like security patches and password changes will become far more simple to do. However, the proposed measures only begin with an optional labeling system.
Over time, the plan is for security warnings to become mandatory, with any devices that lack security or fail to carry the labels being banned from sale.
Rather than relying on the user to bolt-on extra security after purchase, hopefully, the proposed changes mean that device manufacturers will start building security features in from the get-go – leaving the rest of us to enjoy our app-managed homes and smart devices without a second thought.