Advances in smart home technology are changing people’s homes for the better, but also opening up opportunities for hackers. With new smart home devices announced at January’s virtual CES already hitting the markets, Avast’s security experts are encouraging people to shore up their home security when buying new smart home technology.
Smart home devices can inform, entertain and save people time and money, to enjoy the things that matter, but they can also become liabilities with cyber attackers viewing them as soft targets. Cybercriminals can exploit the security weaknesses of smart home devices and gain access to household networks to take sensitive data – or even more alarmingly take control of the devices and monitor activity within people’s homes.
Avast figures from September 2020 showed that, among UK households owning IoT devices, 76% own at least five. This figure was an increase of 8% from December 2019, perhaps reflecting the wider trend to spend on home improvements and entertainment during COVID-19 lockdowns. Even with the pandemic having delayed many launches, new smart home devices continue to be announced. Research from McKinsey Digital showed that worldwide, every second, 127 devices hook up to the internet for the first time. This level of growth is clearly increasing the opportunities for bad actors.
To mitigate the potential smart home threats that cyber criminals can exploit , there are a few things that buyers should consider. For one, they should take a look at the device’s update process to make sure it is straightforward and that they are notified when a new update is ready. It is also sensible to consider installing a digital security product that allows scanning of their local network for unsecured IoT devices so that the necessary steps to secure them can be taken.
Here are seven further simple steps to help households reinforce cybersecurity around smart home devices:
1. Take the time to pick the right smart home devices
People looking to upgrade or start investing in smart home technology this year should consider buying devices from well-known, reputable, manufacturers. Prominent brands are more likely to have effectively implemented security features and to provide long-term firmware updates to address emerging vulnerabilities. Also, before adding a new connected device to your network, take the time to understand how it collects and uses your data and the device features that can be configured or disabled for extra security.
2. Change the default password
A default password is a risk on any device, not just your Wi-Fi router. Always change the default password to a complex password, a combination of capital and lowercase letters, numbers, plus special characters if allowed. By failing to update default login data, homeowners are making it easy for attackers. Most bad actors have lists of default passwords, allowing them to breach a network via weaknesses in smart home devices, and even enabling enrolment of smart home devices to botnets.
3. Set up two-factor authentication
Wherever possible, homeowners should also strengthen device security by using two-factor authentication, a process where two authentication methods are needed to gain access which can help prevent attacks if your password is discovered.
4. Update firmware ASAP, always
It cannot be stressed enough that the firmware on IoT devices must be updated with the latest versions and patches as soon as they are available. The trigger for most firmware updates is that a security flaw has been found, and exploited, in the previous version. Meaning it is important to stop using the compromised version right away.
5. Erase your personal data from old smart home security before disposal
When getting rid of older smart home products, people must make sure that they erase all data and personal information, delete associated accounts that are no longer needed, and perform a factory reset of the device. Also, make sure to remove the device from online accounts, networks, or apps such as Google Home, Amazon Alexa, and IFTTT that are linked to them.
6. Consider segmenting your home network
Splitting a home network in two could also be beneficial. Keeping devices that carry sensitive data – such as a laptop and smartphone – on a different network from those supporting smart home devices. By using this set-up, an attacker would not be able to directly access a personal laptop if they breached a smart home device. The smart home network could also operate as a secondary network for guests; protecting sensitive devices if their bad browsing behavior leads to a security problem.
7. Consider cybersecurity
Everyone’s protection is in their own hands these days, so it’s a good idea to call in reinforcements for peace of mind. Consider installing a digital security product that assesses IoT devices connected to the network, reporting anything abnormal. Use a product that performs network scans of the local subnet to check for devices that accept weak credentials or have remotely exploitable vulnerabilities.
IoT devices undoubtedly offer an array of benefits, convenience and enjoyment for the whole family, but safeguarding the smart home is essential in order to protect users against hackers looking to take advantage of the recent surge in IoT device usage. By taking a few precautions we can all ensure our devices are protected and network vulnerabilities are mitigated.
- Nick Viney, SVP and General Manager: Partner at Avast.