Are smart homes really safe from hackers?

October 16, 2019 | Devin Morrissey

smart home device example

Image Source: Pexels

There are a number of smart devices becoming commonplace in homes around the world, leading us closer and closer to the reality of smart homes, or houses that depend primarily on interconnected smart tech. Heating, lighting, and common appliances like doorbells, alarms, and entertainment devices are now increasingly being designed to operate on the internet of things (IoT).

However, some experts have expressed valid security concerns regarding smart technology,  believing that these systems are specifically vulnerable to cybercriminals. Some may argue that implementing smart systems isn’t worth the time it takes unless the security bugs are worked out.

This points to the fact that smart home cybersecurity is often overlooked. If you’re thinking about using a variety of smart home devices in your home and have never thought about this, now may be the time. Below are some things to consider that will help you make a more informed choice regarding smart tech in your home.

The risks of IoT

The truth is that IoT-based devices are growing in popularity at a faster rate than their security measures can keep up with. This could have some extremely serious consequences for those who have filled everyday lives with multiple interconnected smart devices. While these things may be convenient for a home, IoT technology itself comes with a cost.

As Javvad Malik suggested in his article “IoT: Usability Dream or Privacy Nightmare?”, imagine what might happen if a hacker got control of your smart thermostat. They could hold your temperature for ransom unless you paid them in bitcoin, Malik argued. This is a real concern with the growing popularity of IoT smart homes because, frankly, they’re not designed to defend themselves against cyberattacks.

The risks of IoT systems have been well documented, specifically by the Open Web Application Security (OWASP) Project. Each year they cover concerns about the IoT in their “IoT project.” In their most recent update, they included the following things with the most major concerns in the implementation of IoT:

  • Insecure network services.
  • Lack of secure update mechanisms.
  • Insecure data transfer and storage.
  • Insufficient privacy protection.
  • Lack of device management.
  • Lack of secure default settings.

The importance and trustworthiness of testing

Smart devices can be tested for cybersecurity, but these tests aren’t foolproof. A common type of test is penetration (or “pen”) testing, and is used to check how easy it is to hack into a network. In general, they’re very helpful. But for IoT, they are harder to perform successfully. This was best summed up in a rhetorical example put forth by Ryan Francis, a contributor to Network World,

Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through. But what happens if pieces of the network are outside of the fortress? With the flurry of Internet of Things devices, is it harder to conduct a pen test with that many devices and end points?

The idea is that because the IoT uses technology that’s foreign to the systems pen tests are enacted on, there has to be new technology to properly address these security concerns. And with smart devices in general, privacy is a huge issue. The combination of devices in a home can make it pretty vulnerable to hacking, and sometimes, even stalking.

However, pen tests should still be completed with what we do have, as they are our strongest asset in response to IoT threats. There are actually a plethora of pen test tools, and the majority of them are open-source and thus available to the public. Some of these include:

  • Nmap
  • The Metasploit Framework
  • Zap
  • Nessus
  • Maltego Community Edition

The options you can take right now

Right now, to protect your smart home, there is more you should do than enacting a simple pen test. Rather, there are actions you can take with your individual IoT or smart devices. For starters, many of them are password-protected.

A surprising amount of security breaches happen due to compromised passwords. Thus, every network you use and every individual device should have different passwords set up. Some of these will have a default setting for a pin or passcode, but most of them give you the option to alter that. It just means you’ll have to manually set it up.

Additionally, using two- or three-factor verification may be a way to secure your IoT-connected devices should they offer you the option. Right now, that’s one of the highest-recommended forms of cybersecurity, and may apply to individual devices even if they’re all on the same network. The more you are able to secure these devices, the more secure your IoT network will be overall. So to fix the network, you guard the entry points.

So, are smart homes really safe from hackers? Not yet, because smart devices themselves are still fairly new. But there are precautions you should take to ensure the devices and network are as safe as can be. Cleaning up the tedious security aspects of your devices make the chances of a safe smart home greater.

Devin Morrissey

About the Author: Devin Morrissey

Devin prides himself on being a jack of all trades; his career trajectory is more a zigzag than an obvious trend, just the way he likes it. He pops up across the Pacific Northwest, though never in one place for long. You can follow him more reliably on Twitter.

Read more posts from Devin Morrissey ›

‹ BACK TO ALL BLOGS

Get the latest security news in your inbox.

Subscribe via Email

Watch a Demo ›
Get Price Free Trial