What does security really mean?
Security refers to how difficult or easy it is for an Attacker to gain access to your Smart Home device, and once gained, how much control they have and what they can gain access to. Note that security and privacy are not the same thing. Privacy refers to how much information is available that could identify you or your interactions and habits. It’s tied to security, but not totally the same thing.
Quick side note: I’m not a fan of the term hacker that is generally used, so we’ll go with Attacker instead.
Why is security a big deal?
Smart Home security is a hot button issue these days. Every other day there’s a new article about how Attackers have gotten access to user’s homes by an unsecured device. Currently, Amazon’s Ring Door Bells are often in the news as yet another user discovers an Attacker has taken control of it. Here’s one talking about problems customers are having with security. And another talking about some of Ring’s practices. However, Ring isn’t the first company to run into security problems, and it won’t be the last. Security is an industry wide issue that has been going on for a few years now.
But regardless of what the news outlets say, it’s not all doom and gloom. Smart Home security isn’t much different than any other technology security you have at home. The key difference is now you have more of it at home. And the more you have, the more ways an Attacker can gain access. As a user, it’s important to stay vigilante for your home network security.
What can an attacker really do with my device?
Attackers could have many different reasons for attacking you specifically. Some of this depends on what sort of Smart Home devices you have and what the Attacker already knows about you. Generally, there are a few things an Attacker is looking to do.
Since Ring is in the news often these days, let’s use them as an example. A Ring Camera has a few things that may be valuable. For instance, an Attacker may want to view the camera feed directly or sell it to someone else who would (generally what’s happening), or they might want to get some of your personal data like:
- Login info for any accounts
- Location info
- WiFi passwords
- Network details
This sort of personal data can be used to let an attacker into your Amazon account (in Ring’s case), or it could point an Attacker to another device on your network that may be easier to compromise. Some of the info they collect could be compiled alongside other targets targets that have been successfully attacked and sold off to the highest bidder. And since most people reuse passwords for different accounts and services, it might also open up attacks on other accounts, like your bank.
This scenario doesn’t just apply to cameras and security systems. An Attacker could also take control of your Smart Lights. Even though Smart Lights might not have a ton of your personal info (although it could have some), an Attacker could then use Smart Lights as a way to access other Smart Home devices in your home–possibly even your computer.
Some of the more clever things an Attacker can use your device for are Botnets and cryptocurrency mining. Both of these involve the Attacker installing software on your device and using your power to generate money for the Attacker in the case of Bitcoin or Denial of Service Attacks in the case of Botnets. Both of which slow down your devices as they become bogged down by other tasks, unknown to you.
How do I get targeted?
Many Attackers start by getting access to one device on your local network, and they use that device to then gain access to others. The first device is typically the most challenging for Attackers to get access to, as it requires knowledge of you and your network. This personal information can sometimes be found from other internet accounts you may have, such as your Ring account itself. If an Attacker can gain access to that account (by uncovering the password for example), then they can track down your network.
How can you improve your security?
Passwords are your best defense against Attackers. Your best line of defense is to update your passwords to something more complicated and to make sure passwords aren’t reused for different purposes. Yes, it’s a pain to have complicated passwords, but you’ll be glad you did it. And if a service supports two factor authentication, enable it.
Keep your devices updated. Manufactures and Attackers are constantly battling against one another to find and close new loop holes in software that allow Attackers easy access. By staying up to date, you close known loop holes in your devices.
Before buying a new device, research its security. There are some things you can do before buying something new, too. In this category, you typically get what you pay for. If a Smart Home device seems to be cheaper than others, often one of the features that’s missing is security. These sort of devices are much easier for Attackers to gain control of and do as they please.
How devices work has an impact on its vulnerability. Devices that have limited access generally have less opportunities for Attackers. For example, a Smart Light bulb that doesn’t require an internet connection in order to function is generally more secure than one that does. This is because an Attacker doesn’t have the ability to target the Smart Light bulb via the internet.
Summary
To reiterate, security refers to how difficult or easy it is for an Attacker to gain access to your Smart Home device, and once access is gained, how much control they have and what they can gain access to. There are challenges with security in the Smart Home space today, but it’s not insurmountable to keep your network safe. Fortunately, there are a handful of preventive measures you can take to improve your security. For instance, I recommend you do some research when buying new devices regarding their security, and make sure you keep them up to date. As for the biggest piece of advice, make sure your passwords are complex and not reused on any accounts and devices at home. With these tips, you’ll be much more difficult to attack.
