Get CactusVPN for $3.5/mo!
Well, the truth is that smart homes aren’t exactly as hacker-proof as people would like to think they are. We’ll show you exactly why in this article, and we’ll also discuss how to secure your smart home and how to secure IoT devices in general as well.
IoT is a system of interrelated computing devices, objects, digital and mechanical machines, and even animals and people – all of them provided with a UID (a unique identifier for an entity in the system) and the ability to share data over a network. The only difference here is that the data can be shared without requiring any human-to-computer or human-to-human/animal/object interactions.
An entity in the IoT system can be anything from an animal with a biochip transponder to a vehicle with built-in sensors or a connected device you might use in your smart home (like a smart thermostat, for example) that has an assigned IP address.
IoT devices are some of the entities in IoT (the “things” in “Internet of Things”). Generally, they are nonstandard computing devices that have the ability to connect wirelessly to a network, and can also transmit data over it. IoT devices communicate with each other and share sensor data with users in an attempt to automate household and business tasks to a certain extent.
IoT devices go beyond computers, tablets, smartphones, and laptops. Some examples of IoT devices include:
A smart home is a house that is equipped with electronic, lighting, and heating IoT devices which you can control remotely using your smartphone, laptop, or computer. An example of that would be using your mobile phone when you leave work to access a smart thermostat to check the temperature in your home, or to see if the heating is on.
As convenient as smart devices are, they are pretty lacking when it comes to security – so much so that pretty much any hacker could take advantage of that.
Here are just some things that could happen if the IoT devices in your home aren’t secured:
Those aren’t just speculations or what-if scenarios – according to data, some smart home devices can actually be hacked in as little as 30 minutes and with just a simple Google search.
Another experiment showed how 3 hackers (ethical hackers, to be clear) just needed a van and a phishing email to unlock the front door to a smart home.
Even worse, according to Symantec’s own research, the average IoT device was attacked every 2 minutes at peak times back in 2017.
We can keep going on and on with examples like that, but you probably get the idea – securing IoT devices should be a priority if you have a smart home.
Unfortunately, a lot of connected devices don’t have built-in security, or it’s just poorly implemented. Some people like to argue it’s because smart device manufacturers try to save money on manufacturing and programming costs, resulting in IoT devices that:
A few years ago, a study raised concerns about smart devices by claiming that around 70% of them have security vulnerabilities. Sadly, things haven’t changed much nowadays, with approximately 85% of IoT companies saying there is a lack of a centralized responsibility for connected devices. Over half of those companies also said there weren’t enough resources to accommodate that.
Generally, you have to take steps to secure your WiFi router since that’s basically the “front door” to your smart home – given that connected devices use it to access the web. Of course, there are some specific things you can do to secure the IoT devices themselves.
Here’s a full list outlining all the actions you need to take:
All routers come with a predetermined name assigned to them by their manufacturer. The problem with that is that it is information a hacker could use to find out what router model you have. To avoid that risk, simply rename it to something that doesn’t give away its model or other personal identifiers (like your street name).
You should also consider renaming your WiFi network to something more obscure and random, so that it doesn’t tell online users anything about you and/or your life.
For instance, don’t just call it “My House,” “[Your Name] House,” or “[Your Name] WiFi.”
Instead, call it something like “Undercover Police” or even a random string of digits like “34Fghe.”
We recommend setting up a guest network separate of your private WiFi network, which friends, family, and any other guests who visit can use.
That’s not to say you should suspect anyone who comes over of any hacking attempts, but it’s just safer to generally keep the WiFi that’s tied to your IoT devices only to yourself.
In certain cases, hackers can actually find out what an IoT device’s default username and password are with a simple Google search. Yes, sometimes, a few seconds is all it takes for someone to get control over your smart house.
So, it’s best to change the default usernames and passwords. Make sure the username doesn’t contain any personally identifying information, and that the password is a strong one (lowercase and uppercase letters, symbols, numbers, and so on).
Also, you shouldn’t save the password on your computer or mobile device – either write it down or use a password manager (like KeePassX, for example), or both.
If your connected devices don’t allow you to change the default username and password, you should consider getting different ones that do. It seems like a minor issue, but it’s a serious vulnerability that cybercriminals can exploit.
To be safe, you should turn off any connected device features you don’t use. For instance, if you have a smart thermostat but never use the remote control feature, you should just disable it.
Besides that, you should also check each device’s privacy and security settings. Usually, the default settings are pretty good, but if you see a way to tweak them for extra security, go ahead and do it.
Many online services and connected devices support 2FA (2-Factor Authentication) – basically having a code sent to your mobile device when you want to log in to confirm it’s really you, for instance.
Securing IoT devices is more efficient if you turn 2FA on. If a smart device doesn’t have 2FA support, you should really consider getting one that does.
Remember to check your IoT devices’ and router’s manufacturer websites for updates on a regular basis. Those updates often contain security-related changes that helps you better secure your connected devices and router(s) against hacker attacks.
While we’re on the subject of software and firmware updates, it’s a good time to mention it’s best if you stick with recognizable and big brands when it comes to IoT devices, not lesser-known ones that are cheaper.
Sure, Google and Amazon aren’t exactly known to respect user privacy, but they’re less likely to risk their reputation by skipping out on security updates.
While you can’t install or set up a VPN client on all smart devices, you can configure the service on your router. Don’t forget – all your home’s smart devices will connect to your router in order to access the web, so that they work as intended.
When you set up a VPN on your router, all the devices that connect to the web through it will be able to take advantage of the VPN’s features – specifically its encryption protocols. Simply put, you’ll be securing IoT devices by doing that since all the traffic and data shared between them and the web will be encrypted.
As a result, nobody (not your ISP, not government surveillance agencies, and certainly not cybercriminals) will be able to eavesdrop on sensitive information and exploit it. What’s more, you’ll no longer have to worry about your IP address being exposed to the public.
Plus, besides just securing your smart home, a VPN can be really useful when you’re out and about. For example, you can install a VPN on your mobile device to safely use public WiFi (even if it’s unsecured) to access your smart devices at home since your connection will be encrypted.
And, as a more less privacy-oriented benefit, you’ll also get to bypass geo-blocks that keep your from amazing online entertainment. Doesn’t have much to do with security, but it’s worth mentioning.
We’ve got you covered – our high-end VPN service uses powerful AES encryption to secure your online traffic and personal data. Nobody will ever be able to snoop on your connected devices’ online connections to steal sensitive information.
What’s more, we also enforce a strict no-log policy, meaning we don’t collect any of your info. So, your privacy is 100% protected on our end as well.
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
While having a smart home can be extremely convenient, there’s also a lot of risk involved. You see, connected devices aren’t always secure, and hackers can easily exploit connection vulnerabilities to take control over them or steal sensitive information from them.
What’s more, smart device connections on your home WiFi can be exploited as well, and your remote connections to said devices on public WiFi can be intercepted by cybercriminals.
Luckily, securing IoT devices isn’t particularly hard.
You can do things like setting up a guest WiFi network, changing the default usernames and passwords on your connected devices, enabling 2FA, keeping the device software and router firmware up-to-date, and – most important of all – using a VPN – both on your mobile devices (for when you need remote access to your smart home) and on your router.