How to enhance the cybersecurity of your smart home

How to enhance the cybersecurity of your smart home

By David Balaban

Have you heard about the VPNFilter info-stealing malware that infected roughly half a million routers around the world last year? Or perhaps you’re familiar with the shenanigans of the Mirai botnet that enslaved numerous IoT devices and used them to DDoS some of the Internet’s major services in 2016? These are just a few examples of malicious code turning a smart home into a source of cyber mayhem and identity theft.

According to recent findings of security researchers, routers and connected cameras are the most targeted smart devices, accounting for 90% of all attacks in this ecosystem. Pair that with the fact that almost everyone owns and uses these appliances, and you will get the big picture: the average networked home is low-hanging fruit. This needs to change, obviously.

It goes without saying that smart TVs, locks, thermostats, fridges, lighting systems, voice assistants, and many other electronic inhabitants of growingly intelligent homes are awesome contrivances making people’s lives easier. At the same time, though, they can be the weakest link in one’s security posture due to notoriously lame defenses. Over half of all modern home security systems rely entirely on smart tech. Does this mean you need to unplug them and abandon all security systems right away to be on the safe side? Of course not.

Here are simple, best practice tips to harden the protection of your smart home against cyber incursions.

• Keep the router intact

Your router is the pivot point of the entire home network that links your devices with the World Wide Web. If crooks manage to compromise it, they may get access to all of your connected gadgets. Therefore, it’s in your best interest to safeguard it as reliably as possible.

To begin with, assign your router a unique name. This is important because the original name might speak volumes about the model and specifications of the router. Crooks can use these details to exploit known firmware vulnerabilities and infiltrate your network.

Secondly, be sure to change the default Wi-Fi password with a strong, random-looking one nobody can easily guess or crack. To add an extra layer of protection to your wireless connection, go to the router’s settings and select a strong encryption method, such as WPA2.

• Create a guest network

Separate your private Wi-Fi network from the one your visitors use. Thankfully, most modern routers provide this option, ensuring that the different subnets don’t overlap and have different authentication details. Additionally, consider prioritizing your smart devices and setting up an isolated network for the most important of them. Segregating your home network is a critical step to avoid a SPOF (single point of failure) scenario.

• Remember: default usernames and passwords are a no-go

Here’s some food for thought: competent attackers know the default passwords most IoT devices ship with. Unless you change them from the get-go, cyber intruders can remotely access your connected appliances over their web interfaces. It means control over your smart home may slip out of your hands.

Make sure the new passwords are at least 12 characters long and are strong enough to prevent malefactors from guessing or brute-forcing them. Think outside the box when creating a password: use a fusion of uppercase and lowercase letters, numbers, and special characters. Do not include any personal information, such as your name, address, or other details available in your social media profiles and other publicly accessible sources. You may also want to opt for a password management tool that will automatically generate and store all of your passwords.

• Inspect the settings

Some people are clueless about nifty privacy and security features their smart gear is equipped with. Many of these functions may be disabled in the default set-up, so it certainly makes sense to take a closer look and toggle them on where appropriate.

Another thing to keep in mind is that unscrupulous manufacturers may be interested in maintaining access to your personal information, which explains the occasionally poor default privacy configuration and lack of content encryption on some devices. Therefore, take your time and adjust those settings to your needs.

• Keep firmware up to date

Not only do updates fine-tune the features of your devices, but they also fix bugs and patch vulnerabilities. Some gadget makers streamline the whole process by rolling out automatic updates, while others make it a bit more tedious for customers and simply upload new firmware versions onto their product support sites. In the latter case, the users need to download and install the update manually. One way or another, getting the latest software build is definitely worthwhile as it’s less likely to be exploited by attackers.

• Turn off redundant features

This recommendation is self-explanatory: if you aren’t using a feature, go ahead and disable it. For instance, you probably don’t want to keep remote access enabled for any external device other than your own. If so, turn this permission off right away before criminals weaponize it.

• Use 2FA

No matter how strong your passwords are, it’s certainly a good idea to further enhance your login practices. If a smart device app provides a 2FA (two-factor authentication) option, you are better off using it. This way, the login process will require an additional secret code sent to your smartphone or email inbox every time you are trying to access the gadget’s dashboard.

• Treat public Wi-Fi with caution

Free Wi-Fi hotspots in public places are a mixed blessing. On the one hand, they are definitely convenient to use. On the other, they may utilize weak security protocols and sometimes provide no data encryption at all, thus exposing your Internet sessions to MITM (man-in-the-middle) attacks. Therefore, you can safely go to a news site from there but you should refrain from using public Wi-Fi to manage your connected devices. The only thing that can properly safeguard your web traffic and privacy in such a scenario is a dependable VPN (a virtual private network).

• Secure your smartphone

Most people access their IoT devices on the go from their smartphones. It means the phone can become an entry point allowing hackers to gain a foothold in the whole smart home network. That’s why it’s extremely important to fend off spyware and other forms of mobile malware designed to steal sensitive information. Be vigilant and use an effective security app on your Android or iOS gadget. Also, install software updates on your smartphone as soon as they are available.

• Stick with trusted brands

Reputation and customer experience aren’t empty words for established manufacturers. Go for brands that respect users’ privacy and security. So, do your homework and scrutinize the company’s background before buying from it. Look for red flags regarding past breaches and documented firmware vulnerabilities. Go to the vendor’s official website and read the fine print, paying special attention to the way they handle customers’ personal data.

Summary

When it comes to the Internet of Things, the biggest caveat boils down to its immature security. Preoccupied with boosting their sales, many manufacturers focus on the usability of their security systems while neglecting the defenses. Ultimately, strengthening the protection of your very own IoT network is up to you for the most part. The above tips probably won’t turn your smart home into an impenetrable smart fortress, but they will raise the bar for attackers.

About the Author: David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the www.Privacy-PC.com project, which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.