Can your smart home be hacked?

August 2020
Can your smart home be hacked

With more of us embracing smart home technology, most wonder: Can your smart home be hacked?

 

As people began to incorporate Amazon Echo or Google Home into their property, they started to look at a wider application of smart home technology as a way to control every aspect of life, remotely.

 

Some even rush out and buy a complete Z Wave system or a few Samsung SmartThings device to create a basic system to control lights, blinds and the heating system.

 

Unlike a physical break-in, where the damage is immediately obvious, a cyber attack can be more subtle. So while you can’t look for broken doors or smashed windows, there are tale-tell signs that your security has been breached.

 

It’s a sad fact of modern life that cybercrime continues to grow at a rapid pace in the UK. However, the good news, is that only a tiny number of homes are subjected to direct hacking. These stats pale in comparison to physical burglary.

 

That doesn’t mean you automate your entire home without increasing the risk of being hacked or discount the damage a hack could potentially do. Instead, you do have to take steps to protect your smart home system and continue to monitor the situation.

 

In this guide, we’ll answer your common smart home security questions as well as answer can your smart home be hacked?

 

 

What smart home technology can be hacked?

Most smart tech is vulnerable to hacking, while this conclusion won’t surprise you, the research behind just how vulnerable your Wi-Fi router, kids toys or CCTV cameras might. However, that’s only part of the story.

 

Recent research by the IoT Security Foundation found that just 13% of consumer IoT (internet of things) firms allow vulnerability reporting despite incoming laws and international standards. 

 

This should cause alarm, especially as manufacturer continue to release firmware and software updates designed to keep products protected from the latest threats and vulnerabilities.

 

That said, older devices, standalone products such as smart door locks and poorly maintained hardware still require a physical on-site attack, which can be thwarted using traditional methods.

 

Even by incorporating a single smart device in your home exponentially increases the potential for a cyberattack. Not to mention the sheer amount of data about our daily life that’s being tracked by the devices.

 

 

Maintaining smart home technology

Even as we’ve adopted and welcomed more technology into our lives, we still have a lax view of security. Consider if you were visiting a friend for a meal, you might question whether you closed the bathroom window. You could quickly return to double-check it.

 

That said, you probably clicked the “update later” notification multiple times on your smartphone or computer or even forget to renew critical software. These actions are akin to leaving your bathroom window open while you’re on holiday for a week without giving a second thought to whether someone will break-in.

 

So while home automation systems are quite secure by design, it’s the people who operate and maintain them that can cause issues. Regardless of what smart home system you install, each month, you should aim to search and install any updates.

 

Another way to maintain a high level of security is to replace devices every 5 years or so because as products age, they become more vulnerable to being hacked or compromised. Manufacturers are also likely to withdraw support for products after being released for 4 or 5 years.

 

Of course, updating to the latest products isn’t without its own risks, but the manufacturer is likely to offer more frequent updates and support. All of which contributes to a safer, more secure smart home.

 

 

 

 

 

Strengthen your passwords

In the digital world, strong passwords are the multi-point lock system that you’d use to secure your front door. A weak password is one that’s easily guessed and should be avoided.

 

As a home automation system is a network of connected devices that communicate with each other, having secure passwords and limiting access is critical to maintaining a secure and robust system.

 

For example, it’s fine to grant temporary access to a friend while you’re on holiday but you should revoke this the moment you return home. While they can be trusted, you should assume that someone will steal their phone and gain access to your home, however rare this might seem.

 

You might have a professional install your home automation system but this doesn’t guarantee your system is fully secure or update, both now and in the future. You as the system administrator must take responsibility for this.

 

A simple yet profound change you can make after installing a smart home system or device is to change the default usernames and passwords to unique ones. This makes it harder to hack devices as these defaults usually follow a pattern that’s covered in the manuals or readily available online.

 

In terms of strong username and passwords, you can use. Think about combining your current road name with your first school or use your mother’s maiden name with a number or special character after each letter.

 

Don’t use the same password for multiple devices or accounts. And please don’t use your pet’s or children’s names, or birthdates. Most of this information can be discovered in seconds on social media.

 

 

Always factory reset devices before getting rid of them

When you’re ready to sell, bin or give away one of your smart devices, you should follow the manufacturer’s instructions to remove all of your data. Otherwise, the next user may be able to automatically access all of your information or communicate with other devices on your network.

 

 

Can the government act to ensure smart homes are safer?

As the threat is real, it’s only a matter of time before the government insists manufacturers meet minimal security standards. The first step toward this came in March 2018, when the Government published the Secure by Design report

 

This whitepaper advocated a fundamental shift in approach to securing IoT devices, by moving the burden away from consumers and ensuring that security is built into products by design. 

 

At the heart of the report is a draft Code of Practice, which seeks to ensure that software is automatically updated, passwords can’t be reset to factory defaults and that any sensitive data transmitted by apps is encrypted.

 

 

 

 

Simple steps to keep your smart home technology secure

  • Most products are supplied with basic default passwords, such as 0000 or 1234. Change these immediately after installing.
  • Change passwords regularly, especially if multiple users have access. Use codes that can’t be guessed easily.
  • Consider using secure password generators and products that require multifactor authentication (including codes sent by text, or retina scans).
  • Regularly update your smart devices with the latest software (most releases include upgraded security protection).
  • Ensure your using a high-quality firewall and antivirus software.
  • If you’re investing a significant amount into a smart home system, use a reputable installer who can offer ongoing support.

 

 

So, can your smart home be hacked?

Yes, your smart home can be hacked and it might be an issue of when rather than if. However, if you follow some basic steps each month, you can make your smart home harder to hack.

 

So you’ll want to ensure your devices are up to date and that passwords are changed often. Also, after a few years or when product support is discontinued, it’s worth upgrading to the latest version.