How to Protect Your Smarthome from Attack
Every new device you introduce into your smarthome is another device that can be attacked. You can secure your smarthome with simple steps like locking down your router and taking proper care of the gadgets in your smarthome.
Start with Your Router
Most smarthome devices require access to the internet to work correctly. While not all devices connect directly to the internet (like z-wave bulbs), those that don’t typically connect to a hub or other device to gain internet access. So in many ways, the single most significant point of vulnerability is your router.
And securing your router should be your first step. You should change your default admin password used access the router. Update the router’s firmware if it’s out of date, and enable encryption. Always use a complicated password unique to your Wi-Fi router. With a standard (not-Mesh) router, you can accomplish all of this from the router’s web interface. All you need is to find your router’s IP address. Mesh routers, on the other hand, don’t have a web interface. You’ll make the changes from an app.
If your router’s manufacturer isn’t offering new firmware anymore, you should consider replacing it. While we usually say most people don’t need a Mesh router for their homes, smarthomes do benefit from them. You gain better coverage for all your Wi-Fi devices, and most Mesh routers automatically update the firmware and offer additional protection services as a subscription.
Use Unique Passwords for Every Device
Many smarthome devices require a password when you set them up. Usually, that involves downloading an app and creating a user account. In some cases, like Z-wave light bulbs, you’ll create a single account for a Hub to use with several devices.
Every device you create an account for should have a unique, complicated password. If you reuse passwords across services and smarthome devices, you run the risk of a single compromised unit leading to additional points of vulnerabilities across your home.
If you don’t already, consider using a password manager. Services like LastPass or Dashlane can help you create and keep track of long and complicated passwords. You might think password managers are only for saving website credentials, but you can save any kind of password in them. Additionally, you can store secure notes, files, bookmarks, and more in a password manager.
Turn on Two-Factor Authentication Wherever Available
Two-factor authentication is an extra layer of security beyond the simple password. With two-factor authentication, after you provide your password, you then give additional proof of identity. Typically that comes in the form of a code, either randomly generated by a phone app or sent to you through a text or phone call.
Unfortunately, offering two-factor authentication isn’t very common in smarthome devices, but that’s starting to change. Nest and Wyze both offer two-factor authentication now. Security cameras are the devices most likely to have two-factor authentication, and you should absolutely use it with them. As one couple found out, rather than try to break through your router, an attacker may have an easier time using stolen credentials to log into the accounts associated with your smarthome devices. Two-step authentication can help prevent that from happening.
Check the apps associated with your smart devices wherever possible turn it on. We recommend pairing two-factor authentication with an authenticator app, like Google Authenticator for iOS and Android.
Update Firmware on All Your Devices Regularly
Just like your router, you should update the firmware for all your smarthome devices regularly. Firmware is essentially the software built into your hardware it determines the features and capabilities of your hardware. Manufacturers regularly find problems and patch them, and often add new features along the way.
Generally, you can update most smarthome devices through an app. That includes Z-wave and ZigBee gadgets you connect to a smart hub. You’ll check the smart hub’s app for those updates.
If the manufacturer no longer supports a smarthome device you have installed, you should replace it as soon as possible. If you aren’t sure, check the manufacturer’s website.
Buy Only From Reputable, Well-Known Companies
If you search Amazon for smart plugs, you’ll find dozens of options from dozens of manufacturers. Some you may have heard of, many will likely be entirely unfamiliar. It can be tempting to go with the cheapest option that promises the features you want, but you should investigate the company first.
Most smarthome device you introduce into your home communicate with servers in the cloud. The question is: “who owns those servers?” When you’re looking at a recently released product from an unknown manufacturer, there’s no way to know for sure where it communicates until someone tests it. Unless you’re a security researcher who enjoys the challenge, you probably shouldn’t be the guinea pig.
And besides that, the biggest problem with smarthomes is that your devices might stop working. The company can go under, disappear, or decide to move on to a newer product and end support.
Sticking with a large well-known company doesn’t guarantee that won’t happen, as seen when Lowe’s killed off Iris. But what you do get is a track record to examine. By looking over the company history, you can see how viable it is, and whether or not the company supports its products for mere months or years.
And with an established history, you can even see what a company handles failure. Wyze, the maker of some of the least expensive smarthome products you can ask for, ran into an issue where camera feed traffic went through servers in China. The company explained what happened, why it happened, and how it was going to fix it.
You may not like that it happened at all, but at least you know so you can make an informed decision on whether or not to buy the product, and that’s the point. If you found a product from a new manufacturer, try to find reviews from multiple sites. If all you can find is Amazon reviews, check Fakespot to see if the reviews are real. Try to find any history you can before making the purchase. If you can’t find established history and real reviews, skip the gadget.
Don’t Access Your Smarthome from Public Wi-Fi
Just like you shouldn’t check your bank account from public Wi-Fi, avoid accessing your smarthome from public Wi-Fi. Even if you’re certain you are a legitimate Wi-Fi network, you’re potentially exposing the devices in your home to anyone listening in. It’s best not to do anything sensitive on public Wi-Fi networks.
If you need remote access to your home, either use a device with LTE (like your phone) or consider setting up a personal Virtual Private Network (VPN) to connect safely.