How to Secure Your Smart Home in 7 Steps

Well, the truth is that smart homes aren’t exactly as hacker-proof as people would like to think they are. We’ll show you exactly why in this article, and we’ll also discuss how to secure your smart home and how to secure IoT devices in general as well.

What Is IoT (Internet of Things)?

IoT is a system of interrelated computing devices, objects, digital and mechanical machines, and even animals and people – all of them provided with a UID (a unique identifier for an entity in the system) and the ability to share data over a network. The only difference here is that the data can be shared without requiring any human-to-computer or human-to-human/animal/object interactions.

An entity in the IoT system can be anything from an animal with a biochip transponder to a vehicle with built-in sensors or a connected device you might use in your smart home (like a smart thermostat, for example) that has an assigned IP address.

What Are IoT Devices?

IoT devices are some of the entities in IoT (the “things” in “Internet of Things”). Generally, they are nonstandard computing devices that have the ability to connect wirelessly to a network, and can also transmit data over it. IoT devices communicate with each other and share sensor data with users in an attempt to automate household and business tasks to a certain extent.

IoT devices go beyond computers, tablets, smartphones, and laptops. Some examples of IoT devices include:

• Smart bulbs
• Smart thermostats
• Smart locks
• Smart plugs
• Smart toothbrushes
• Smart security systems
• IoT tracking and monitoring systems
• Smart gloves
• Smart mirrors

What Is a Smart Home?

A smart home is a house that is equipped with electronic, lighting, and heating IoT devices which you can control remotely using your smartphone, laptop, or computer. An example of that would be using your mobile phone when you leave work to access a smart thermostat to check the temperature in your home, or to see if the heating is on.

Why Is Securing IoT Devices Necessary?

As convenient as smart devices are, they are pretty lacking when it comes to security – so much so that pretty much any hacker could take advantage of that.

Here are just some things that could happen if the IoT devices in your home aren’t secured:

• A cybercriminal could hack their way into your smart thermostat, and access data to tell when you’re not at home.
• A hacker could exploit voice assistant (like Amazon Echo, for instance) vulnerabilities, and access data you’ve shared with them (like passwords or credit card information).
• Someone could hack into a smart camera in your home, and add it to an existing network of similar camera models that are controlled remotely.
• Cybercriminals could exploit IoT device weaknesses to get into your network. Then, they could hold the entire smart home system “hostage,” threatening to only get it working again once you pay a high ransom fee.
• Hackers could get control over a smart baby monitor, and use it to play loud music over them (as a way to scare or threaten you) or just spy on anyone in the room.

Those aren’t just speculations or what-if scenarios – according to data, some smart home devices can actually be hacked in as little as 30 minutes and with just a simple Google search.

Another experiment showed how 3 hackers (ethical hackers, to be clear) just needed a van and a phishing email to unlock the front door to a smart home.

Even worse, according to Symantec’s own research, the average IoT device was attacked every 2 minutes at peak times back in 2017.

We can keep going on and on with examples like that, but you probably get the idea – securing IoT devices should be a priority if you have a smart home.

Why Are IoT Devices Poorly Secured?

Unfortunately, a lot of connected devices don’t have built-in security, or it’s just poorly implemented. Some people like to argue it’s because smart device manufacturers try to save money on manufacturing and programming costs, resulting in IoT devices that:

• Have little to no system hardening, which basically means the device isn’t really protected.
• Have default or hardcoded passwords, which hackers have an easy time exploiting.
• Often have no mechanism in place to handle software updates, which often results in vulnerabilities popping up.

A few years ago, a study raised concerns about smart devices by claiming that around 70% of them have security vulnerabilities. Sadly, things haven’t changed much nowadays, with approximately 85% of IoT companies saying there is a lack of a centralized responsibility for connected devices. Over half of those companies also said there weren’t enough resources to accommodate that.

Here’s How to Secure Your Smart Home

Generally, you have to take steps to secure your WiFi router since that’s basically the “front door” to your smart home – given that connected devices use it to access the web. Of course, there are some specific things you can do to secure the IoT devices themselves.

Here’s a full list outlining all the actions you need to take:

1. Change the Manufactured-Assigned Router Name

All routers come with a predetermined name assigned to them by their manufacturer. The problem with that is that it is information a hacker could use to find out what router model you have. To avoid that risk, simply rename it to something that doesn’t give away its model or other personal identifiers (like your street name).

You should also consider renaming your WiFi network to something more obscure and random, so that it doesn’t tell online users anything about you and/or your life.

For instance, don’t just call it “My House,” “[Your Name] House,” or “[Your Name] WiFi.”

Instead, call it something like “Undercover Police” or even a random string of digits like “34Fghe.”

2. Configure a Guest Network

We recommend setting up a guest network separate of your private WiFi network, which friends, family, and any other guests who visit can use.

That’s not to say you should suspect anyone who comes over of any hacking attempts, but it’s just safer to generally keep the WiFi that’s tied to your IoT devices only to yourself.

3. Change Your IoT Devices’ Default Usernames and Passwords

In certain cases, hackers can actually find out what an IoT device’s default username and password are with a simple Google search. Yes, sometimes, a few seconds is all it takes for someone to get control over your smart house.

So, it’s best to change the default usernames and passwords. Make sure the username doesn’t contain any personally identifying information, and that the password is a strong one (lowercase and uppercase letters, symbols, numbers, and so on).

Also, you shouldn’t save the password on your computer or mobile device – either write it down or use a password manager (like KeePassX, for example), or both.

If your connected devices don’t allow you to change the default username and password, you should consider getting different ones that do. It seems like a minor issue, but it’s a serious vulnerability that cybercriminals can exploit.

4. Disable IoT Features You Don’t Need

To be safe, you should turn off any connected device features you don’t use. For instance, if you have a smart thermostat but never use the remote control feature, you should just disable it.

Besides that, you should also check each device’s privacy and security settings. Usually, the default settings are pretty good, but if you see a way to tweak them for extra security, go ahead and do it.

5. Enable 2FA If Possible

Many online services and connected devices support 2FA (2-Factor Authentication) – basically having a code sent to your mobile device when you want to log in to confirm it’s really you, for instance.

Securing IoT devices is more efficient if you turn 2FA on. If a smart device doesn’t have 2FA support, you should really consider getting one that does.

6. Keep the Software and Firmware Up-to-Date

Remember to check your IoT devices’ and router’s manufacturer websites for updates on a regular basis. Those updates often contain security-related changes that helps you better secure your connected devices and router(s) against hacker attacks.

While we’re on the subject of software and firmware updates, it’s a good time to mention it’s best if you stick with recognizable and big brands when it comes to IoT devices, not lesser-known ones that are cheaper.

Sure, Google and Amazon aren’t exactly known to respect user privacy, but they’re less likely to risk their reputation by skipping out on security updates.

7. Use a VPN (Virtual Private Network)

If you’re not familiar with VPNs, they are services you can use to hide your real IP address on the Internet, and encrypt your online traffic and data whenever you connect to the web.

While you can’t install or set up a VPN client on all smart devices, you can configure the service on your router. Don’t forget – all your home’s smart devices will connect to your router in order to access the web, so that they work as intended.

When you set up a VPN on your router, all the devices that connect to the web through it will be able to take advantage of the VPN’s features – specifically its encryption protocols. Simply put, you’ll be securing IoT devices by doing that since all the traffic and data shared between them and the web will be encrypted.

As a result, nobody (not your ISP, not government surveillance agencies, and certainly not cybercriminals) will be able to eavesdrop on sensitive information and exploit it. What’s more, you’ll no longer have to worry about your IP address being exposed to the public.

Plus, besides just securing your smart home, a VPN can be really useful when you’re out and about. For example, you can install a VPN on your mobile device to safely use public WiFi (even if it’s unsecured) to access your smart devices at home since your connection will be encrypted.

And, as a more less privacy-oriented benefit, you’ll also get to bypass geo-blocks that keep your from amazing online entertainment. Doesn’t have much to do with security, but it’s worth mentioning.

Conclusion

While having a smart home can be extremely convenient, there’s also a lot of risk involved. You see, connected devices aren’t always secure, and hackers can easily exploit connection vulnerabilities to take control over them or steal sensitive information from them.

What’s more, smart device connections on your home WiFi can be exploited as well, and your remote connections to said devices on public WiFi can be intercepted by cybercriminals.

Luckily, securing IoT devices isn’t particularly hard.

You can do things like setting up a guest WiFi network, changing the default usernames and passwords on your connected devices, enabling 2FA, keeping the device software and router firmware up-to-date, and – most important of all – using a VPN – both on your mobile devices (for when you need remote access to your smart home) and on your router.