A refrigerator that doesn’t let you run out of milk. Lights you turn on or off from any seat in any room in the house. Air conditioning and heating you can raise or lower from afar. Front door keys you can reprogram at will. All this is possible today—including the ability to integrate all these so-called “smart” devices together so you can easily control them using your smartphone from anywhere in the world.
Smart homes are here. According to McKinsey, the number of “connected homes” in the United States has a compound annual growth rate of 31% over the past 24 months, expanding from 17 million in 2015 to 29 million in 2017. And this rate of growth is expected to accelerate as smart home systems that connect smart devices continue to mature. Samsung SmartThings, Google Brillo/Weave, Apple HomeKit, Allseen Alljoyn, Amazon Alexa, and Belkin WeMo are all striving to be the master controller of an increasingly complex digital ecosystem in your home—connecting everything from your smart health bracelet to your smart washing machine.
But although consumers might find their lives made more convenient by all this machine intelligence, they are also opening themselves up to hackers.
People are aware of this. A survey recently conducted by Intel found that more than 92% of potential consumers are concerned about their personal data if they used smart devices in the home. Yet, at the same time, 89 percent said that if they lived in a smart house, they’d connect all their devices through a single integrated package. One hack, and their lives wouldn’t be theirs anymore.
But there are several steps you can take to protect your home, your family, and yourself.
The risks are growing
In October, 2016, the Internet suffered a massive outage when hackers overwhelmed a key internet gatekeeper with requests for bandwidth from a tsunami of unsecured internet-connected devices. The hackers created a wired army of devices, called a “botnet,” consisting of cameras, universal remotes, DVRs and even toasters and washing machines from the homes of people all over the world. These smart home gadgets used standardized manufacturer-issued default passwords that their owners had not bothered changing. Who would? In a world where most people can’t work a DVR, how are we expected to access and program passwords on dozens of other devices in a smart home?
You might think, so a hacker gets into my refrigerator. What’s the problem? A big problem. Think of what could be stored there: not just your food and beverage preferences, but your home address, credit card information for when the refrigerator contacts the store for a delivery, the number of people in the household, even when you go on vacation, leaving your house empty. The most insidious thing about home devices is that they pick up on and store the most personal information of all: how we live our lives. Information you don’t even think about as “data.” When you go to bed. When you leave for work. Your daily lifestyle preferences and habits. It’s all up for grabs by a smart cybercriminal.
The tech website Tripwire performed a detailed analysis of the vulnerabilities of specific popular smart devices such as smart security cameras, smart door locks, and smart doorbells. The results were alarming. Many of these things could be so easily hacked that the owners were much more vulnerable after installing these so-called security devices than before. Cyber criminals were able to tamper with these devices, intercept warning triggers, and otherwise disable them. And another recent study shows that more than 70 percent of the connected devices investigated leaked private information such as name, email, home address, bank account details, and health data. The average number of security vulnerabilities per device? A whopping 25.
And there’s a lot more of them. Most houses will have 10 or 20—a lot more vulnerabilities to attack your home, your car, your office. And the ramifications will be increasingly physical. Instead of virtual theft of your data, you could have your house broken into, your car rendered immobile, and your locks changed.
What can you do to stay safe?
If this all sounds overwhelming, take heart. Even as this article is being written, security experts are racing to thwart the hackers. But here are some basic practices to keep you safer as your house grows smarter.
Change default passwords
First, and most importantly, strong and unique passwords are an obvious must, both for your devices and for your home Wi-Fi network. Use a combination of upper and lower case letters, numerals, and symbols—all the usual password admonitions apply, including changing your passwords often. Along those lines, you should also reject any devices that come with hard-coded default passwords. Smart devices like those are attractive targets for even novice hackers.
Go beyond passwords
According to the Intel report, biometrics such as thumbprint recognition are the most reliable—and simple—security methods. More than 50% of consumers said named fingerprints as their favorite option. Almost half (46%) also opted for voice recognition, and 42 percent chose eye scans. New products are appearing all the time that measure these things to secure important devices.
Be extremely conscious of how much about yourself you are revealing
These smart devices constantly collect data about ourselves, and a single object can reveal incredible details about you and your family. If you have a home ecosystem that connects all your smart devices, you are in effect compiling a detailed portfolio about your life. There’s a very real potential that this compiling of data could backfire and harm you. Think before you purchase that smart device—and think twice before connecting it to an ecosystem. Make a list of everything you will be exposing about yourself. You may be surprised at how extensive that list is. And then consider the risk versus the rewards – before buying.
Be aware that software ecosystems are not foolproof
If you’re considering integrating devices together using one of the many platforms available, think about whether that platform has high enough standards for product security. Some set very high standards, and won’t let third-party devices onto the platform if they don’t meet the requirements. Others, wanting as many devices available as possible, do very little vetting. Indeed, most of the smart home devices used in the October 2016 Internet attack apparently were manufactured by obscure manufacturers that had little or no security protections. But don’t assume that even the most popular platforms are safe. Do your homework. Ask questions of the device maker and do some research.
In Conclusion
Smart homes promise to bring many benefits to people—improved efficiencies, time savings, even cost savings as well as improvements to their quality of life. But given that today’s devices lack robust security, it’s best to be cautious before making the leap.
