The Internet of Things (IoT) provides you with new technologies to accomplish and automate tasks. It can also help you do things easier and more efficiently. As you utilize more IoT devices it becomes more important to verify and/or improve the security of your smart home devices.
The average home in the U.S. has a dozen or more connected devices in it. With the widespread acceptance and increased coverage of 5G, the number of smart home devices will increase. It’s important to verify or improve the security of your smart home devices.
Secure Your Home Network Wireless Router ~ First Step
Your smart home wireless router is your gateway to the Internet. This is your first line of defense against hackers. Whether you use a router supplied by your Internet service provider or use your own, proper setup is critical for securing your network.
If you suspect your router has been infected by malware there is a free tool that can check it for you. It’s a good idea for you to run this check before changing any settings. It is called the F-Secure Router checker.
It will quickly check your router for infections and vulnerabilities. If your router is infected with malware you will be notified and given recommendations. If there are no issues, you’ll see results similar to this:
Unlike traditional wired local networks, wireless networks are not confined within the walls of your house. This section discusses how to set up and secure a Home Network Wireless Router. After securing your wireless router then you can improve the security of your smart home devices.
Depending on your type of signal and networking equipment, your signal may be able to be detected as far away as 1000 feet. If your wireless signal is not secure it may exposing sensitive data to malicious actors or may allow your Internet connection to be used by unauthorized persons.
A malicious user or hacker who has gained access to your smart home network may be able to:
- View information about your system and have access to files on your computer or other devices.
- See the websites you are browsing and possibly capture log-in names and passwords.
- View the communications you take part in, via email or chat applications.
- Gain access to your system devices and infect them with malware that can spread.
- Use your Internet connection to Download copyrighted or illegal material subjecting you to a criminal investigation.
To ensure your network is secure and private there are certain precautions that should be taken. Yes, you may need to improve the security of your smart home devices, but first, you must ensure your wireless router is properly setup.
The first step is to always replace the default name and password of any new device. This should be done the first time you power on the device. Use a unique name for your router, one that does not give away location info. And, be sure your password is unique and complex.
For valuable tips and secure setup instructions for your home wireless router refer to this detailed article, Securing Your Wireless Router. Your wireless router will have the capability to set up a separate network, a segmented network, that your smart home devices will use.
Using the admin login procedure specific to your router you can check firewall settings, create a network segment (or guest account) for your smart devices. Within the user interface there are many options and settings available. Most routers offer an interface similar to the one below.
On some routers, segmentation is accomplished by creating a guest account that can be used for IoT devices. However, most newer routers have the capabilities to create specifically segmented networks. The example above offers a separate tab that addresses subnets.
Keep in mind, that for some devices to work they must be able to interact with other devices. So, all of your IoT and smart home devices should be connected to the same network segment. There are many available smart devices for home networks.
The advantages of segmenting your network are two-fold. It helps to organize your smart home network devices, but more importantly, it is done to increase the security of the smart home network. The idea is that devices on one segment can not reach devices that are on a separate segment.
That means that your home office computers and devices will be isolated from your smart home devices. The Internet of Things (IoT) consist of many different types of devices, usually manufactured and supported by many different companies. Segmenting prevents any IoT vulnerability from affecting the important devices on your home network.
Enterprises and large organizations use segmenting techniques to enhance their network security posture. Segmenting can also improve network performance, improve monitoring capabilities, and allow for simpler management of devices.
When using a device that uses an Internet connection, like computers and cellphones, consider using a Virtual Private Network. Find out all about VPNs, and how to use one, in this article about VPNs.
This article may be focused on improving the security of your smart home devices but maintaining the security and integrity of your entire home network is important.
How do You Improve the Security of Your Home Network
► Regularly Update Device Firmware and Software
► Install a Firewall Between Network and the Internet
► Always use Current Encryption Schemes on Wireless Networks
► Remove Applications and Services you don’t use
► Never Use Default Login Configurations
► Always use Complex and Unique Passwords
► Run Anti-virus and Anti-malware Software on All Devices
► Always maintain Current Backups
Why it’s Important to Secure Your Smart Devices for Home Networks
Just like with all other types of networks protecting your smart home network is necessary to protect your confidential and personal information. Another important aspect to consider is our privacy, like, our conversations, and our actions.
To better understand why you must secure your smart home network devices there are two words to focus on: Privacy and Security.
Privacy is the act of protecting personally identifiable and other sensitive information.
Security is the technologies and methods that protect against unauthorized access to data.
Security Issues With Smart Home Devices
The Internet of Things has changed the way we function in our homes. It has added security, convenience, and ways to conserve resources. The IoT has also just flat out made our lives more enjoyable. But, it has also introduced another area of vulnerability.
Smart home devices come in many shapes and sizes. They can be as small a smart light switch, or as large as an entire heating and air conditioning system. No matter what size they are, they all have one thing in common; they connect to the Internet.
They also can collect and store information. In fact, they sometimes must collect and store information to perform the tasks we want them to. You rely on manufactures to improve the security of your smart home devices.
Unfortunately, it is estimated that more than 75% of IoT devices are vulnerable to one or more types of attacks. It is important that you acknowledge these vulnerabilities and take precautions to improve the overall security of your smart home network.
Smart home devices may be vulnerable to one of the common cybersecurity threats that you must protect against. Some of the common threats are:
- Eaves Dropping and Data Collection Using Man-in-the-Middle Attacks — A man-in-the-middle (MitM) attack involves a hacker who finds a way to intercept the data being transferred. In regards to your smart home devices, an attacker would be interested in stealing log-in credentials or any type of personal information.
- Taking Control of Your Smart Home Devices — An attacker takes control of one of your smart home devices. Once they have control of one device they may be able to gain access to all devices on your smart home network.
- Malware Attack Vulnerabilities — Devices that are improperly designed or not properly updated with security fixes are vulnerable to malware attacks. One infected device on the network can affect many devices on the same network.
Those are just a few of the vulnerabilities that exist. As you and the industry improve the security of your smart home devices and the networks that support them many vulnerabilities will be mitigated.
For the time being many IoT devices will be vulnerable to malicious attacks. As more and more smart home devices are being created there is a need for regulations and standards concerning device security.
What about cybersecurity standards for IoT devices?
The Internet of Things and smart home devices are good in many ways. However, the IoT environment is still maturing. It is a lack of awareness issue. Not just with the manufacturers of these devices, but with the end users. Here are a few of the challenges regarding security that must be dealt with:
- Insufficient manufacturing security standards in the industry
- Lack of policies and procedures for managing device updates
- Lack of standards for physical hardening of devices
- Lack of knowledge and awareness for users
A big issue with IoT devices has been the lack of universal security standards. Organizations within the industry have yet to agree on how to protect smart home devices. The problem exist with all IoT devices.
Several government and industry organizations have created sets of standards in an attempt to improve security of IoT devices. In spite of these efforts the industry still has not aligned their practices to any one set of standards.
So, what’s being done about it?
The U.S. Government needs to step in, and they have. Previous industry efforts to create and follow security standards have failed. Can the U.S Government force manufacturers to comply with a set of security standards? They are a big customer in the IoT industry.
The standard recently put in place may only apply to IoT devices purchased by the U.S. Government, but it will create more standardization during manufacturing that will be of benefit to civilian consumers. The National Institute of Standards Technology (NIST) is making recommendations based on new standards and is being adopted globally.
How to Improve the Security of Your Smart Home Devices
You now know what some of the vulnerabilities with IoT devices are. It can be a scary conversation. It’s not necessary to give up the benefits of smart home devices. There are risks, but they can be dealt with and you can have a secure smart home. But, how do we go about it?
We have discussed the importance of securing your wireless router, and the importance of segmenting your smart home devices from your main network. The technology we are beginning to love is not going away. As you continue to add new devices always verify and improve the security of your smart home devices.
If you improve the security of your smart home devices
hackers will give up and find an easier target
Here are some easy ways to protect your smart home devices:
- Never Use Default Passwords — Even though many default passwords seem like they are strong, they can still be common knowledge to hackers. The hackers can use these default passwords as part of a brute-force attack. They use a database of know passwords in an attempt to hack into a device.
- Verify Privacy and Security Settings on Your Devices — Always check the default privacy and security settings when you set up a new device. Depending on the situation, the default settings may not be the most private or secure for you.
- Use Two-factor Authentication When Available — If your Smart home device offers the option, use it. The device will only require this additional authentication when settings are being changed.
- Turn Off Features You Don’t Need — Just like how you delete applications you don’t use on your devices, features on smart devices that you don’t need should be disabled. These features can include voice control, remote access, or other capabilities. If you’re not going to use them, turn them off.
- Check for Updates and Firmware upgrades — When configuring a new device always enable auto-updates. Register your device so you can be contacted with information about firmware upgrades.
- Replace Devices That Are Not Supported — IoT devices that are no longer supported by manufacturers updates are weak links. Vulnerabilities will not be patched, and hackers know it. Newer devices have better security features than the older ones, typically.
Always purchase IoT devices from trusted manufacturers. Never use default passwords. In a home office environment always segment your smart home devices from your household and home office wireless network.
Security and Privacy checklist to use when buying new devices
The organization “InternetSociety.org” points out a great resource to use when buying new smart home devices. The smart device checklist was created by the Online Trust Alliance. The checklist covers privacy and security considerations.
It’s a great resource to use so you can buy smart home devices with confidence. The smart device checklist points out several important things to consider. You can download it from the Online Trust Alliance, or get the security and privacy buying guide here.
While out in public ~ general guidelines
Don’t use a public Wi-Fi connection without using a Virtual Private Network (VPN).
Do not connect an IoT device for the first time while in public. And, do not accept connection requests that are not expected.
Always turn off services on your cellphone you are not using, including Wi-Fi, Bluetooth, location services, and use Airplane Mode when appropriate.
About Your Privacy When Using Smart Devices in Your Home
Can we have our cake and eat it too? Can we have a decent amount of privacy when using IoT devices? Our smart homes and the devices that are being used in them are data collectors. Without the ability to collect data the concept of a smart home does not exist.
Your smart devices are constantly collecting data. Privacy and security go hand-in-hand. Something as simple as your morning routine requires that your smart home devices collect a vast amount of data:
The night before the smart home devices find out what time you want the alarm to wake you up. But first it needs to know what time to activate the smart coffee maker. The devices need to know which lights to turn on, where to set the thermostat, and what music station to play.
All smart home devices have one thing in common; they all collect data about you and your habits. Your smart doorbell knows who’s outside and when they visit. Smart refrigerators know what food you consume. Your smart toothbrush know long you brush your teeth. Well, you get the idea.
The data that the devices collect is valuable to someone. Security aside, how about our privacy. The companies that sell us these devices are, in some cases, selling our information about our habits, and our lifestyles. The data may be recorded anonymously, but it’s still our data, or is it?
Here’s an example of how valuable that data is to some companies; Google gave me a free Google Home Mini. It provides the company with quite a bit of data. Data like what I listen to on Spotify, information they can get from my shopping list, and other valuable data. Not all companies use or sell your data, but some do.
Research the smart devices you are considering
- Verify the manufacturer follows accepted security guidelines
- Be aware of their privacy policies
- Will your information be stored by them?
- Will they sell your information to a third-party?
- How long will they support the device with updates?
There will be a written policy online for most devices that will outline data security and privacy practices. The policy should also outline data collection, data use, and data storage policies. This is where they must tell you how they use your data.
The bottom line with your privacy
You must be aware of the data a company collects about you in return for using their device. Read the privacy policies (boring stuff, I know) pertaining to any new device you add to your smart home network.
Research the opt-out options you have. You need to understand the information you are providing and the privacy you are giving up. Determine if you are willing to do so in exchange for a service, or the use of a product.
Updated 01/19/2021 by Kirby Allen