With the advent of the Smart Home, there’s a new set of security threats we have to contend with, and they’re all digital.
From botnets to WiFi smart cameras that “spy” on you, you may believe that your smart home is a potential pandora’s box of privacy invasions and hackings.
But you can enjoy the benefits of Smart Home technologies, and prevent these attacks from happening, by taking a few simple precautions.
In this comprehensive guide, we give you the step by step instructions you can take to lock-down your smart home and feel secure that no Russian Hackers will steal your grandma Betty’s secret lentil soup recipe after they’ve hijacked Alexa’s “always on” listening capabilities.
Let’s start from the beginning.
1. Multi-factor authentication
Whether you’ve installed one of those talking doorbell systems, or you have a smart fridge that lets you know when you’re low on frozen pizza, many of the smart home devices you have on your network use passwords.
And if you haven’t caught on to it yet, passwords are about as passé as the horse and buggy.
The way to secure your devices today is through multi-factor authentication. This is done either through combining a password plus a temporary secret code texted to you automatically (or through a robo-call) or via a little key-card that comes with the device that you hold up to the device to let them know you’re physically there, you need to set it up.
How to set up multi-factor authentication:
The good thing is that most smart devices already come with multi-factor authentication as the default. However, there are some devices that don’t have it.
If that’s the case you can enable it by acquiring third-party apps such as Authy or Google Authenticator.
Authy is a device that enables you to set up a two-factor authentication (2FA) to add to your network or device.
And even though most IoT devices have two-factor authentication that comes with the mobile apps that are associated with each of them, having an extra layer of security via a service such as Authy can give any homeowner peace of mind.
The video above from Authy explains how to use their application to set up two-factor authentication for multiple devices: (https://player.vimeo.com/video/79935776)
What Your Smart Device Vendor Can Help You With
If you’re having trouble setting up multi-factor authentication for your smart devices, many manufacturers have customer support reps that can help you set it up.
2. Install Malware Protection
Although you can’t install malware and antivirus software on your Nest or on Alexa, you can definitely secure the devices that control them – your phones and computers.
In addition to a firewall, antivirus and anti-malware software can go a long way toward preventing some of the most vicious internet attacks.
How to install malware protection and antivirus software
These types of applications are very common for PCs, but Macs need them now as well. And of course, the new frontier for viruses and malware are smartphones – especially of the Android variety.
You can install antivirus and anti-malware applications on your PCs, laptops or smartphones, or you can install a physical antivirus like a smart home cybersecurity hub.
Bitdefender box, one of the pioneering cybersecurity hubs, is sort of like a router and antivirus all-in-one. It connects to your WiFi router and serves as a super-charged physical firewall to protect all your smart devices, including computers and smartphones.
3. Secure your Wi-Fi
According to Wtop, avoid WEP, the most commonly used Wi-Fi protocols. Wired Equivalence Privacy (WEP) “…is weak and easily compromised,” according to experts at Tom’s Guide. They recommend switching to Wi-Fi Protected Access II (WPAZ) protocol and give it an obscure name that has nothing to do with your username and password.
Why is this important? Some of the scariest attacks can come from Wi-Fi threats, such as Wi-Fi cameras that might all of a sudden start sending information about your home valuables to thieves.
How to Secure Your Wi-Fi
Your best defense against a Wi-Fi attack is to encrypt your wireless network. According to Lifewire, to enable WPA2 encryption on your wireless router, follow these steps:
“1. Log into your wireless router’s administrator console. This is usually done by opening a browser window and typing in the address of your wireless router (usually http://192.168.0.1, http://192.168.1.1, http://10.0.0.1, or something similar).
You will then be prompted for the admin name and password. If you don’t know any of this information check the wireless router manufacturer’s website for help.
- Locate the “Wireless Security” or “Wireless Network” settings page.
- Look for the Wireless Encryption Type setting and change it to WPA2-PSK (you may see a WPA2-Enterprise settings. The enterprise version of WPA2 is intended more for corporate-type environments and requires a much more complicated setup process).
If you don’t see WPA2 as an option, then you may have to either upgrade your wireless router’s firmware to add the capability (check your router manufacturer’s website for details) or, if your router is too old to be upgraded via firmware, you may have to purchase a new wireless router that supports WPA2.
- Create a strong wireless network name (SSID) coupled with a strong wireless network password (Pre-shared Key).
- Click “Save” and “Apply”. The wireless router may have to reboot for the settings to take effect.
- Reconnect all your wireless devices by selecting the wireless network name and entering the new password on each device.
You should periodically check your router manufacturer’s website for firmware updates that they might release to fix security vulnerabilities associated with your router. The updated firmware may also contain new security features as well.”
4. Create Two Home Networks
Another way of securing your home network is by creating two networks: one for your computers and smartphones, and another for your smart home devices.
According to this MarketWatch article, Jerry Irvine, chief information officer of Chicago-based security firm Prescient Solutions stressed the importance of segregating your home devices on a separate network. You can do this by either purchasing a separate internet connection or by splitting an existing internet connection using a virtual local area network (VLAN).
How to set up a VLAN at home
Setting up a VLAN is the most cost-effective solution, and one of the ways we recommend to set up a second home network for your smart home.
To set up a VLAN, check out this useful guide from Flashrouters.
5. Change default usernames and passwords
Have you ever had the experience of using a garage-door opener to open up your garage and all of a sudden you also open up a neighbor’s garage? Me neither. But it’s a very common occurrence – and that’s because most of these devices are shipped with a default factory-set password.
The same is true for all your smart home devices, and hackers know this.
As soon as you take delivery of your new smart camera, toaster or smart blender, immediately change the username and password.
How to change your smart device’s password and username
All of your smart devices are accompanied by a mobile app that serves as the control interface. Go into the device app’s settings, locate the username and password section, and change it right away.
If you’re having trouble locating where you can change the username or password, call your manufacturer’s technical support number and they’ll walk you through it.
6. Buy From Trusted IoT Brands
It’s kind of ironic advising you to buy devices from only well-known brands since there’s a new IoT startup popping up every day. If you took this advice literally your choices would be severely limited.
So instead, we’ve named this sub-section “buy from trusted IoT brands.” Trusted IoT brands are those that either come from well-known manufacturers or have received lots of press, positive reviews and some significant round of funding.
Nevertheless, we recommend researching which brand of smart home device you purchase to avoid devices from obscure manufacturers with lax security protocols or whose owners have malicious intent.
How to Know Which Brand Is Secure
Usually, if your smart home device has appeared in some kind of “best of” list from a prestigious source such as PC Mag or Wired magazine, the device should be a trusted device. For example, PC Mag recently published a guide called “The Best Smart Home Devices of 2018, but there are other guides and leading products you will find with a little research.”
CNet has done the same thing, publishing an article with the exact same name!
7. Choose Devices That Update Firmware Automatically
Again, you’ve got to do your research here. It’s all in the details, and the more details you know, such as whether firmware or software is updated automatically, the better off you are.
But why is this important? Why not just acquire a smart device that leaves firmware or software updates up to the user? You could easily just remind yourself via a repeat calendar reminder to check for updates on a regular cadence, couldn’t you?
First of all, the more up-to-date your home device is, the more secure it is. Manufacturers are regularly monitoring security threats and patching vulnerabilities in their device’s firmware to keep ahead of the threat curve.
But why do we suggest automatic updates instead of manual updates? Mostly because smart devices are supposed to make your life easier, not harder. It’s easy to just forget to check for a manual update.
An automatic update, on the other hand, won’t just make your life easier, but it might just come at a critical moment when a surprise attack is imminent. Do you want to risk missing a window of opportunity to secure your device just because you weren’t keeping track of your vendor’s emails warning you of the latest coordinated botnet attack?
How to Update Your Device’s Firmware
If you really want to geek it out and update your device’s firmware and software by yourself, we recommend always checking for pending updates on your device’s app on your smartphone.
8. Disable Guest Network Access
If you haven’t set up a separate network for your smart home, or at least a VLAN, we recommend disabling guest network access for your home network. You’ll prevent your kids’ friends from inadvertently uploading a nasty virus to your network or a rougue repairman from deliberately infecting it.
How to Disable Guest Network Access
This doesn’t require any technical ability – it’s just a question of imposing a “no guest Wi-Fi” access rule. However, if this seems mean and un-hospitable, we recommend referring to number 4 above,
“Create Two Networks.”
9. Get a Dedicated Unified Threat Management (UTM) Appliance
We touched on this on number 2 above, but I wanted to delve a little deeper into it here.
You need a dedicated secure WiFi for your smart home network. End of story. There are too many vulnerabilities with a home full of connected devices, each with its own IP address.
Each one of these devices is a potential hacking vulnerability, and who wants SkyNet orchestrating a coordinated attack against you and your family using your smart devices as its commandeered weapons of choice?
Not me.
Fortunately, a new crop of Unified Threat Management (UTM) appliances have popped up on the market. As mentioned previously, Bitdefender Box 2 has emerged as the leader (being first to market). But not far behind are Norton with its Core secure router, the F-Secure Sense, and the Cujo.
So what exactly does a UTM do to secure your smart home?
As Bitdefender explains in their Box 2 product video, after connecting the box to your home network, it can:
- Detect all connected devices in your home, including those you might not be aware, are connected
- Device management allows you to control connectivity. For example, if somebody tries to connect, it notifies you.
- Provide you with detailed traffic reports
- Allows you to create user profiles with security preferences and rules
- A vulnerability assessment for those devices that aren’t exactly secure when they come off the assembly line
- Safe browsing features prevents your smart devices, such as game console or smart TV, from going out to the internet to unsafe locations
- Advanced parental control to track children’s internet activity
And more.
How to Set Up Your UTM
Each manufacturer has instructions for how to set up their particular device, but they’re pretty straightforward. Typical setup starts with downloading their app and having the app walk you through all the connectivity and setup issues.
Bitdefender has a setup instruction page. Norton includes free setup that they value at $69.99. F-sense also provides a setup guide, and Cujo not only provides a setup guide, but a cool setup video.
10. Get a Premium Support Plan
And speaking of convenience, there is nothing like the peace of mind of having a 3rd party service provider stand vigil on your home network, proactively protecting your smart home against threats.
Many IoT manufacturers offer support and premium support plans, and there are third party plans you can acquire as well.
How to Set up a 3rd Party Smart Home Support Plan
Companies such as HelloTech and Iris by Lowe’s provide premium support plans for smart homes. We recommend contacting these and other 3rd party plans to provide an extra layer of security over your smart home network as a whole, instead of implementing premium support plans on a piece by piece basis per device.
