How safe are your smart home devices?

Smart home appliances are one of the coolest advances in modern technology, no doubt. We now have light bulbs, refrigerators, nanny cams, and numerous other home devices that come equipped with Smart technology, adding convenience to our life.

The thing to be aware of is that these devices are often more vulnerable to hacking than any other technology in your home. Malware that infects your computer can discover other devices connected to the network and take control of those devices. That’s why keeping up-to-date with cyber security training is critically important. 

Why are smart home appliances a security risk?

The primary reason smart home appliances are such a security risk is because they often use either Bluetooth or WiFi connectivity, with minimal security settings, to communicate with the rest of your home network. These smart home appliances are at major risk for packet sniffing and hijacking, thus offering a gateway into the rest of your network.

Think of your entire home network as a castle. Your computer is the throne room. Your WiFi router is a drawbridge into the castle. Your smart home appliances are like an alternative side-gate, easily rammed down (yeah, I’ve enjoyed Game of Thrones).

Take, for example, smart lighting systems. There are numerous brands available – Xiaomi Yeelight, Philips Hue, LIFX, Ikea Tradfri. All of these brands operate on the same principle. You install the lightbulbs into a normal socket, then connect them to your home WiFi. After the lightbulbs are connected to WiFi, you can control them from your smartphone using apps like Google Home, Amazon Alexa, etc.

However, there are numerous security flaws with these devices. Let’s start with the most basic.

When you initially enable these devices, they are prone to hijacking. A smart light bulb is broadcasting its naked SSID, with no password encryption – literally, anyone close enough can connect to the device, until you have configured it to communicate exclusively with your personal WiFi network.

Second, even after you have configured the smart device, there are still security flaws to be aware of. Philips Hue lightbulbs, for example, were discovered to be passing API keys in plaintext. Meaning no encryption whatsoever.

In this blog, security researchers showed how they can easily hijack Philips Hue lightbulbs, sending commands to control the lights. Basically, a malicious hacker could easily wreak havoc on your home lighting.

While this could be considered a simple malicious prank, things get considerably scarier with regards to smart surveillance cameras. One family experienced this kind of terror when their WiFi connected Nest surveillance cameras were hacked and began broadcasting threatening messages through the built-in speakers. Just imagine, your home surveillance cameras being turned against you by hackers.

Even worse, because these devices are connected to the internet by means of your home network, they can be turned into botnet devices. It’s been done. Imagine, central banking databases being brought down by an army of internet-connected refrigerators – yours being one of them.

We could continue with tons of examples, but honestly, do the research for yourself. Simply Google “smart device hijacking”, or “smart fridge botnet”, or anything related to hacking smart home appliances.

The results not only include stories but instructional articles on how to easily hack and hijack these devices.

How to secure your smart home devices

The good news is that there are numerous ways to secure your smart appliances and home network.

• Update all the firmware: Manufacturers of smart home appliances regularly release firmware updates, to patch security flaws and bring new features to consumers. You should make it a habit of routinely checking for and applying firmware updates to these devices.
• Use strong passwords: In most scenarios, hackers are able to breach smart home appliances because of overall weak network security. Make sure your WiFi network has the strongest encryption possible, which means WPA2 encryption and a password that isn’t your birthday.
• Set up an alternate network: It takes some configuration, but you should strongly consider setting up an alternative WiFi network, such as a guest or mesh network, exclusively dedicated to your smart home devices. Your smart home devices will be limited to the extended network, without offering a gateway breach into your main home network.

Unplug devices not in use: It may seem like paranoia, but do you really need your microphone-enabled surveillance cameras and music speakers plugged in and connected to your network all the time? Disconnecting these devices when they’re not in use could save you some grief, and give you a sense of security that a stranger isn’t able to watch you through your own surveillance cameras anytime they want.