How to secure your smart home

Connected devices have revolutionised digital life, but a smart home can leave you extremely vulnerable to hackers.

It’s taken a long time, but the idea of the smart home is gaining momentum. More and more of us are bringing connected home technologies into our household, whether smart lighting or smart heating or the smart speakers that can control them (one in ten UK households now owns one). The 2017 TechUK State of the Connected Home report found that 77% of us were aware of these technologies, and 80% of us owned at least one connected home device. Adoption of smart thermostats and smart home monitoring and control devices is rising, too. The research company, Statista, expects to see control and connectivity smart home technology in 7.9 million UK households by 2022.

Yet this growing interest is tempered by concern. When Deloitte surveyed UK households for a report released last year, nearly 40% of us were concerned about connected home devices tracking our usage, while more than 40% were worried these devices might expose too much about their daily lives. Fewer than 20% of respondents said they felt fully informed about the security risks. Almost 40% said that they didn’t feel informed at all.

The sad thing is that these concerns aren’t misguided. Just as we’re getting used to the idea of securing our PCs, smartphones and tablets against internet threats, we’re bringing in a range of devices that combine internet connectivity with the potential to spy on us and affect our daily lives. In June last year, a Which? investigation found that hackers could get past the security in Virgin’s Super Hub 2 router and gain access to connected smart appliances, including a child’s toy and a domestic Wi-Fi camera. Eight of 15 devices tested had significant security flaws, including one that enabled connected security cameras to be hacked using an unprotected administrator’s account, allowing hackers to access live feeds from the cameras and even move them to change the view.

Meanwhile, last August the security researcher, Mark Barnes, demonstrated that it was possible to hack an Amazon Echo speaker and listen into a live audio feed. We’ve also seen several attacks on poorly-secured routers and other smart devices, transforming them into massive botnets running Distributed Denial of Service (DDoS) attacks on corporations.

This could be just the start. If we’ve learnt anything about cybercriminals, it’s that the more ubiquitous a technology becomes, the more value for them there is in attacking it. The bigger connected home technology gets, the juicier a target it will be. How, then, can we protect our smart homes against intrusion?

Securing your devices

With many technologies, the first step would be to secure the device itself. However, with so many different smart devices, often with no readily available controls, there’s a limit to what the average homeowner can do. There are some simple, basic measures you can take, such as changing any default usernames and passwords or keeping device firmware and software updated. It’s also worth thinking about turning off a device’s internet functionality if you don’t need it. For example, if you don’t need to access your baby monitor online then disabling the feature will reduce the possibility of it being hacked. If you’re au fait with network-monitoring apps, you can also monitor smart devices to see if they’re using more bandwidth than you might expect. If a Wi-Fi security camera is regularly sending and receiving traffic, is it because you have it configured to stream video or send out real-time alerts, or is it because someone has hacked it and is monitoring the feed, or even added it to their botnet?

If your smart home devices can be accessed and controlled remotely, through an app or cloud service, for example, think about how that’s secured. Have you got a unique username and password in place to protect them? Could you use two-factor authentication, like a code sent via SMS or email on sign-in, to make sure unauthorised users can’t log in?

That’s a good start, but it might be more important to look at the devices that connect to and control your smart home – and your network security as a whole.

On the first front, you really need to have robust security software installed on any device – including smartphones, tablets and computers. Not only will this close down potential vulnerabilities, but also reduce the impact if an attack on a router or connected device becomes a launchpad for a wider cyber assault. For similar reasons, password and PIN locks should be used on all such devices – and you should think carefully before installing anything that could provide a third-party with remote access.

On the second front, there are various schools of thought. Some recommend using multiple networks if your router supports them, to isolate your smart home devices from computing and web-browsing devices. That way, a successful intrusion on one network can’t affect the devices operating on the other. However, while this solution may be effective, it also restricts the usefulness of smart home devices that need internet connectivity for specific features or to let you control them while you’re away.

The alternative approach is to check and improve security on the network setup you’ve already got. For instance, you can make double-sure that your router and any other network devices have a proper username and password – not the defaults – in place, and that any built-in firewall features are used and any unused ports locked down.

Either way, security software can help. Kaspersky Total Security, for example, can help you take a more holistic approach to security, so that every PC, tablet and smartphone is protected. It works as a kind of proactive security expert, warning you of new dangers – like a ransomware attack or a breached online service – that could affect you and your smart home setup. Think of it as a guardian for your digital home life, protecting privacy and boosting security so you can stream, shop and surf online without having to worry.

Are your smart home products safe?

Using the Kaspersky IoT Scanner app is another great idea. This scans your home network and makes a list of all your connected devices, before scanning the specific network ports on each one to find which are open and which are closed. The app then notes any common vulnerabilities and prompts you to close any ports involved. It can also reveal all the devices connected to your wireless access point, ensuring that if anyone is spying through your network or borrowing your bandwidth, you can find them and shut their antics down.

READ NEXT: How to avoid turning your personal data into a hacker’s goldmine

It also auto-detects and scans the ports of any new devices you connect, checking for ports that are open unnecessarily, then notifying you so you can close them. That way you know when any new device joins the network, and how safe or unsafe it is.

David Emm, senior security researcher at Kaspersky Lab, warns that consumers need to be aware that connected devices aren’t necessarily held to the same safety standards as everyday household items.

“We take it for granted that smoke alarms, clothing, home furnishings and children’s toys are safe to use, and the BSI Kitemark or CE marking tell us that they meet minimum safety standards,” he says. “However, there’s no equivalent for digital devices. Until all device manufacturers adopt security-by-design, we need to get into the habit of changing default passwords, enabling updates and disabling functionality that we don’t need.”

Right now, the smart home landscape can be a little ‘wild west’ in nature, with many manufacturers offering many products, not all of which are secure. Over time this should settle down and we’ll start to see security as a reason to buy one product over another. Until then, securing the rest of your home network with a product like Kaspersky Total Security and keeping an eye out with Kaspersky IoT Scanner app is the best way to keep your smart home safe.

Get your exclusive 40% discount on Kaspersky Total Security using “AlphrSept”.