Over recent weeks we’ve heard about staff at the head office of a major smart home security and environmental control manufacture sharing video that the home security cameras with colleagues. It’s hard to define this abuse of trust a breach as such, but it does highlight the responsibilities service providers have to look after their clients’ interests when they put themselves in a position of trust.
Concurrently a homeowner in California had her home system hacked. She was told that North Korea had launched a retaliatory missile attack, followed by sounding alarms. Then there was a family in Illinois who had someone talk to their baby, swear at them, and turn the heat up to above 30 degrees. Other households have had people watching them and speaking to them via their security cameras, threats made against their children and loud music played over baby monitors. While being frightening, so far there have been no reported incidents of people taking over a home network and using it to facilitate a crime but it’s a distinct possibility that it could happen if people don’t tighten up the way they secure Smart Home Devices when connecting them to the network.
Security First, Last, And Always
Nest, Google, Samsung, Amazon etc all recommend that you change the security settings as soon as you’ve connected the relevant technology to the Home Hub. You usually have the option of implementing a two factor authentication method when you want to change any security settings, meaning that you need both a password and a code that the company will send you upon request. Unfortunately, most people don’t take advantage of this option, and rely instead on their good fortune and trust luck over advice.
Security experts are talking about initiating a system that will reject compromised passwords, those default passwords which have been revealed on the internet, but currently anyone with a yen to can find the default passwords that a range of goods ships with. Once they have that information they can find those devices and attempt log-ins at will. If the passwords haven’t been changed by the user then they can be controlled from anywhere. Pranksters can talk to the kids, send air raid warnings, or play music, but genuine criminals can turn off security cameras, facilitating break-ins, or capture credit card and banking details.
Applying strong security to your home network isn’t very time consuming, takes little technical knowledge and can protect you from the examples of data breaches sited above.
Six Steps To Strong Smart Security
1, Give your WiFi router its own name and password. Make sure it’s not identifiable as the one at your house. So instead of calling it anything like ‘The Jones’ WiFi’ or your home address, consider using something memorable but unidentifiable, such as ‘Tell My WiFi Won’t Be Back For Breakfast’.
2, Use a password manager which can create a sequence of numbers, letters and symbols it’s impossible to predict. You get to choose how many characters the password has, from 6 to hundreds or even thousands. (It’s unlikely that you’ll ever want a password that strong, but it’s there if you want it!) You can use your password manager to create and store passwords for all of your connected devices, and logging in to it requires a two stage authentication process in itself.
3, Change the default names and passwords for everything. For your home hub to work properly you’ll need to give a lamp a name such as ‘bedroom light’ but never call it anything more than is necessary.
4, Check the settings and default features on your devices. If they allow remote access, consider whether you want it to be controllable remotely, and if not, close it down.
5, Keep all of your antivirus and software updates up to date. As data breaches, back-doors and successful hacks are identified, developers write new code to protect against it working again. Keeping your devices up to date means it’s unlikely that yours is a device they’re able to access.
6, Avoid using public WiFi. If you don’t know exactly who you’re logging in with then accessing data from an unknown source could see you downloading Trojans or viruses which you might then introduce to your home network next time you log in at home.
Shining A Light On Weak Security
It was recently also found that some devices themselves store data which can be used to compromise your security. For example, cheap brands of smart light-bulbs were found to have stored unencrypted details of the home network name and password. If you’re networking on a budget, or just security conscious, it’s recommended that you put IoT devices on a guest network that operates in isolation from the world wide web. This means that they can all communicate with one another, and work perfectly, but they can’t gain access to the outside world. You can still use your tablets, phones, and desktops to access the web, but your lights won’t.
Making a guest network couldn’t be easier. In fact it’s so simple there’s no reason not to do it, no matter how secure you believe your devices are already. You’ll still be able to control them, maintaining all their functionality, but if hackers access them then there is no way for them to further access your personal computers, or phones.
To set up a guest network simply:
*Open the wireless settings page
*Click on ‘enable guest network’
*Enter an SSID, that is, give it a name (see tip 1 above)
*Enter the password
*Change the password to one which is more secure
Save all that and you can now add light bulbs, kettles, speakers, your access control and CCTV and all your other IoT devices to that network.