7 tips for protecting smart home devices against cyberattacks
Advertisements for smart home devices usually paint a promising picture of a sophisticated smart home. A home where the life of family members is made super convenient due to the use of intelligent locks, televisions, home appliances, baby monitors and even lighting and air-conditioning systems. It is a home where, consumers can talk to their devices to change settings or to switch them on or off. They can unlock this smart home using their smartphones. The smartphone can also be used as a remote control for all the other devices in the house. The market for smart home devices is lucrative at the moment and any dealer of electronics and home equipment would definitely want to profit from it by stocking a variety of devices. It would be advisable, however, to choose manufacturers wisely and instruct customers on secure use of these devices. Any security issue encountered by the customer can affect the reputation of manufacturers, dealers and installers.
The reason why smart home devices are smart is because they are connected to your wireless network which in turn is connected to the internet. They are part of the large and continuously expanding Internet of Things (IoT) network. Modern thieves need not physically break-in into homes. They can remotely tamper with the thermostat or unlock the door if they hack into the network of devices. As such, implementing proper security measures for smart home devices is a priority when setting them up. Security should also be a continuous activity where consumers need to ensure that systems and software are up-to-date. This can be part of the service agreement between the consumer and the dealer or manufacturer. Security is not only essential for the end-user but also for the dealers who install them. With this in mind lets dig into a few cybersecurity measures that can go a long way in ensuring the safety and continued convenience of smart homes.
1. Deal with trusted and known manufacturers
Whether you are a dealer of smart home equipment or an end user, it is better to do the due diligence before choosing manufacturers. The range of equipment available in this sector is growing quickly. Along with the known providers like Samsung or Philips, there are many cheaper devices in the market from Chinese manufacturers that integrate well with Alexa, Google Home or have Android/iOS apps available. They may provide the same features but not the same level of security. As such it is important to look for security-related information provided by the manufacturer and ensure that it is in a language which would be easily understood in your country. Check that installation and set-up has sufficient number of configurable options available and the manufacturer has a clear returns policy.
2. Change usernames and passwords
Most smart home devices should allow you to change the default username and passwords. Service representatives who set-up these devices should ensure that they ask the customers to change the password when they visit to set up the device. Recommend using a strong password which would be difficult to guess. It would be better to ask the customer to set the password of his/her choice rather than the service representative doing it.
3. Set up two-factor authentication
Two-factor authentication is where you are asked for additional proof of your identity when you try to access a device or service. For example, request to enter an OTP that you receive on your phone or to verify your fingerprint or face. Some smart home devices may allow setting up of two factor authentication. Customers should be advised to set this up when setting up the new device.
4. Install security updates
Security updates may be required even on newly purchased devices. The version of firmware on the device depends on its date of manufacture which may be quite a few months before an end-user purchased it. As such it is necessary that the device be updated to the latest version during the initial set-up. Dealers should advise customers to do this and to install security patches at regular intervals not only on the device but also on the smartphone app.
5. Install malware protection
Smart home devices can be mainly controlled through smartphones and computers. A hacker who gains access to these control points can control all the devices. Thus, protecting those computers and phones with the latest antivirus software has become more important that it was before. It would be a good idea for smart home equipment dealers to sell antivirus software along with the devices as a package deal.
6. Disable unused settings and features
Customer service representatives should educate customers on different options available during set-up, check what is actually needed by the consumer and disable features or settings which are not required.
7. Secure the Wi-Fi connection
When installing the device at a customer’s residence, dealers should ensure that they are using a secure Wi-Fi network. Smart home devices may be controlled from anywhere across town or even from another country. However, consumers should be advised to avoid accessing them on a public Wi-Fi network. It is safer to use the data plan or a secure VPN over Wi-Fi when remotely accessing the devices.
While the above measures are very specific to smart home devices and the apps controlling them, security of home Wi-Fi, computers, smartphones, etc. are also relevant. The smart home eco-system automatically includes these and protecting them is key to smart home security systems. When it comes to smart homes it would not be incorrect to say that, “with great convenience comes great vulnerability.” So appropriate steps need to be taken to eliminate this vulnerability. Finally innovation in the smart home segment is just taking off and happy and satisfied consumers mean repeat business. As such, it is better to ensure that you are selling them devices that will not harm them.
About the Author:
David Smith is a cryptographer with 12 years of experience in both the public and private sectors. He is currently working on his second startup (currently in stealth mode) that will track and interpret the use of contactless payments in the Greater China region. His expertise includes system design and implementation with contact and contactless smart cards, smart card personalization, mobile payments, and general knowledge and experience with APAC market trends and consumer preferences. David occasionally consults with smart card companies at websites like Cardzgroup.com.