By 2025, there will be 478.2 million smart home systems worldwide. There will be less news about hackers trying to break into them if you know how to protect the technological stuffing of your home from intrusions. We’ve researched stories of remote hacking and found that device users often fail to follow simple but important security rules. Below you will find 10 tips on how to protect yourself from intruders.
More often than not, hackers use credentials that have leaked into the network to hack devices. Hackers have already posted the logins and passwords of 11.5 billion online accounts, according to the service Have I Been Pwned. In many ways, this became possible because of the irresponsibility of Internet users themselves. 52% of them use the same passwords for different services, do not update them regularly, and do not set up two-factor authentication.
In 47% of attacks hackers try to connect to the camera, the second place is taken by hubs regulating smart home systems.
Two real and one experimental hacking cases
Philippa Copleston-Warren, a resident of England, wanted to destroy her ex-boyfriend’s new relationship and used the Alexa app to do so. A camera, light bulbs, and an Amazon Echo speaker were connected to it in the ex-boyfriend’s house. Upon seeing her ex’s new girlfriend, Philippa asked her to leave through the speaker and began turning the lights on and off on her bedside table.
The Westmoreland spouses installed a camera, door lock, and Google Nest thermostat. A hacker hacked into their smart home system and made life a living hell: playing music loudly on the video system, talking to the homeowners through the camera speakers, and raising the temperature to 32°C. Changing passwords on Google Nest didn’t help, as the intruder penetrated the Wi-Fi network. He was able to hijack the connection, spoof the SSL certificate and connect to the device. As a result, the couple had to change the network ID. According to Google, the hacker likely used data that leaked onto the Internet from other sites to hijack the devices.
Data can be intercepted even from devices that, at first glance, are of no value to hackers. Specialists during a security audit discovered a vulnerability in a smart fridge that allowed the login and password to a linked Google account to be stolen. The fridge used the account to retrieve events from the calendar and displayed them on the built-in screen. Network connections were secured with SSL encryption, but SSL certificates were not verified on the fridge side. This potentially allowed an intruder who infiltrated the network to spoof the server the fridge was communicating with and steal data.
An employee of anti-virus company Avast hacked the firmware of a smart coffee machine and infected it with ransomware for the sake of an experiment. “The hacker” disabled all of the machine’s functions, displayed a message demanding ransom, and made the machine hum continuously. The only thing the user can do at such a moment is to unplug the device. Protection against such vulnerabilities is ensured, in particular, by regular firmware updates.
How to protect your devices from hacking
- Keep an eye on information security in general – it is more of a preventative measure. Be vigilant and carefully analyze the sites where you leave your email, register, etc. For example, if you use an unfamiliar free website traffic generator for the first time, create a new e-mail for it on a free site and use a unique password, so that in case of information leakage you won’t leak important information to hackers.
- Install official software updates. Attackers often exploit old vulnerabilities that manufacturers have already fixed in new firmware versions.
- Segment the Wi-Fi network: create separate networks for computers and smartphones, guests, and smart devices. The network for the smart home system is further divided by the purpose of the devices. This prevents an attack from spreading and isolates critical devices that can’t be disconnected, like locks, leak detectors, and video cameras.
- Hide your Wi-Fi. This way, outsiders can’t find your network name in the public domain. To do this, you’ll need to hide the SSID in your router’s settings. To connect to such a network, you need to enter its name and password.
- Use different passwords on the devices and for connecting to the network. Make sure your passwords are complex and long enough: numbers, special characters, and letters – lowercase and uppercase.
- Check that your data is not in the leak databases. You can do this on the Have I Been Pwned website. If your passwords have been compromised, change them.
- Use a virtual bank card to pay for purchases with your device. Transfer to this account either small amounts or amounts you need for a specific purchase. You can start, close, or replace your card with another in a few clicks in Mobile Banking. Don’t forget to set a limit on the number of card transactions.
- Connect two-factor authorization wherever this option is available. For example, use not only “conventional” SMS, but two-factor authorization by face and voice to pay for purchases with a linked card.
- Restore the factory settings before you sell or donate the device. Otherwise, the new owner will be able to access personal information and the gadget will retain the ability to connect to other devices on your network.
- Buy devices from reputable manufacturers. Big brands value their reputations, so they maintain their own infrastructure, implement effective security measures, and promptly release updates to address vulnerabilities.