The smart home and the so-called “Internet of Things” have revolutionized the home and are changing how we live by connecting the things we use. These days, anything from your coffee maker to your television and fridge can be connected and share data with other devices (and companies too). But do we need to worry about smart home privacy as a result of the connected home?
This data sharing does make sense. Why wouldn’t you want your sprinkler system to know when your weather station is recording rainfall? Or your coffee maker to know when you’re getting up in the morning? Those seem like useful and convenient things.
This additional connectivity comes with an added security risk, however. Yes, just like any other internet-connected device, criminals can hack your smart home. But addressing smart home privacy is simple if you understand how hackers might gain access and address those security lapses.
Smart home privacy: Where and how hackers break in
Before discussing how to protect yourself, you should first understand where the entry points for hackers are within your home. There are two areas to be worried about in the smart home: the smart devices themselves and your home network.
Individual devices offer a way into your home if your device connects directly to your Wi-Fi network. Not every smart home device is an entry point, however. For example, if your devices connect through a smart hub, the hub poses the greatest security risk since it connects directly to your Wi-Fi and the Internet.
But smart home privacy doesn’t stop at the smart device: your wireless network is also at risk from hackers. An improperly secured router not only puts your smart devices at risk of a break-in but any device that connects to it. This can potentially put far more than just data from your smart home at risk of a breach.
Some routers offer internet-based control, which you log in using your email address and password. However, if your email and the password you use are revealed in a data breach, smart hackers will use this information in an attempt to log in to your router’s internet account. Once in, they can change router settings without your knowledge, potentially installing malware and DNS settings that could deliver unwanted popups that track what you do.
This all might sound super scary and off putting, but it’s actually incredibly easy to run a super-secure smart home.
Our smart home privacy tips
Below, we’ve compiled a extensive list of tips from security experience and our own personal experience. Even implementing a fraction of the below tips will greatly enhance smart home privacy, and keep attackers at bay.
Securing your router
- Set up the firewall on your router. It will block a large majority of possible entry points for attackers.
- Change the default username and password on your router. People often use the default username and password, and hackers know this. It’s a good idea to use WPA authentication to create a secure network.
- Use a completely different password for your router than any other online password. This limits your risk of having your router compromised. It might be a good idea to turn this feature off if you don’t need it (most don’t).
- If your router doesn’t offer security features, replace it.
Secure your devices
- Ensure your devices are up to date with the latest software and firmware. This is probably the single biggest step to smart home privacy, as these often apply critical security patches to keep you protected.
- If your smart device requires a password, change it. Never use the default password.
- If you’re using a smart speaker, change the alert word. In the event of a break-in, an attacker won’t be able to use it to disable your security system or other devices.
- Buy smart home devices from reputable manufacturers. Cheaper devices from lesser-known manufacturers may not take smart home privacy as seriously.
- “Buyer beware.” Research before you buy. Does a company offer regular firmware and security updates? A visit to their support pages will often list recent updates. If they don’t, choose another brand.
- You don’t have to use the smart features if you don’t use them. Many devices allow you to turn this functionality off if you don’t need it.
- Use cloud services with caution. While some of these features might be useful, they can pose a security risk. Only use the services you need.
- Turn off Universal Plug & Play (UPnP). While this makes it extraordinarily easy to set up smart devices, UPnP is vulnerable to attack.
Secure everything else
- Ensure all computers and smartphones are password protected. Use difficult to guess passwords, if possible. Using a random password generator is a great idea.
- Don’t use your computers at the administrator or root level. Instead, log in for everyday tasks on a separate account without administrator access. Use the administrator account only to make changes to your system or install software that you would like available to all users.
- Always install security software on your computers. Regular scans will ensure that malware doesn’t find its way into your computers.
- Change passwords every six months. It’s a pain to remember new passwords, but regularly changing them lessens the risk of being discovered in a data breach and a hacker using it to gain access.