10 easy tips to protect your smart home devices from unwelcome visitors

What you may not realize is that the insecurities of smart devices can provide a path into your entire network.

By Hannah Rhodes, Consumer Watchdog Associate

Feb. 15, 2022

Smart home devices, part of the network known as Internet of Things (IoT), are incredibly popular. In 2020, it was estimated that almost 37 percent of U.S. households had at least one smart home device – a number that has grown and will continue to rise.

With smart devices that listen and respond to you, it is logical for consumers to have their guard up because the security risk is more obvious. But a lot of other consumer products — fitness equipment, doorbells, light bulbs, plugs — are smart devices nowadays.

With those types of smart devices, we may not consider the risk. After all, many of us are not worried about a bad actor flipping our lights on and off.

What you may not realize is that these insecurities can provide a path into your entire network.

What have security researchers been able to hack?

  • Which?, a UK-based company focused on consumer protection, set up a smart home in 2021. During the busiest week of testing, researchers uncovered 12,807 unique scans or attack attempts against home devices. More than 2,000 were attempts to access devices with default usernames and passwords.

  • Two vulnerabilities found in 150 HP multifunction printer modelswere discovered by security researchers at F-Secure in 2021. Security researchers could steal information including printed, scanned and faxed documents, as well as access other devices in the network to spread malware. HP has since fixed this vulnerability and owners of these printer models can visit support.hp.com/us-en/drivers to make sure their printer’s software is updated.

  • Check Point, a software firm, tested the Philips Hue smart bulbs and, following a five-step process, were able to enter the targeted IP network to spread ransomware or spyware in 2017. This particular vulnerability with the Philips Hue smart bulbs has since been fixed, but owners of these light bulbs should make sure the products continue to be updated to the latest version.

  • Researchers from Pen Test Partners, a security firm, successfully hacked a thermostat back in 2016. A few years later in 2019, a couple from Wisconsin alleged they experienced this in a smart home hack, with a voice speaking to them through their camera and their thermostat being set to 90 degrees.

Why would smart devices be targeted by bad actors?

Credit card and identity theft remain two of the biggest threats for consumers. But with 18 percent of American consumers worrying about viruses and malware, smart device insecurities should not be overlooked.

For one reason, with many smart devices, hacking them is not as difficult as it should be. Smart devices are often designed as products first with security as an afterthought. Norton, a software company, said, “Security usually isn’t a top priority for IoT device makers.”

Adam Wright, a senior research analyst for the smart home at International Data Corporation (IDC), told TechNewsWorld, “Many devices are still being shipped from the factory with inadequate security protections in place, such as security codes to access the device being 1234 or 0000.”

The safeguards you’d hope to have in a device that connects to your Internet might not be as strong as you’d expect. Norton lists other potential security flaws, including no system hardening to reduce vulnerabilities and no process for updating software, where the original software could have weak codes.

Accessing smart devices may not be as lucrative as credit card numbers or Social Security numbers, but that doesn’t mean there isn’t information that bad actors would like to find. After all, most are not after your thermostat. They’re looking for the entrance point into your entire network.

For many consumers, the good outweighs the bad with smart devices. No matter what, if you follow all these tips or even only a few, you’ll be in a better position to safeguard your home from unwelcome visitors.

  1. Create a guest WiFi network for smart devices. Having a separate WiFi network for smart devices allows you to protect your other devices, such as your work laptop or your phone. HelloTech has an easy to follow guide on how to set up a guest WiFi network in your home.

  2. Update your devices. It’s easy to put off a software update, but with smart home devices, keeping them current with new updates is important. Software updates often address weak codes and strengthen the smart device’s security.

  3. You only need one administrator. With many smart devices, you can have multiple people control them, but more people creates more risk. Having only one administrator lessens the chance for a bad actor to enter your account.

  4. Change the default username, password and settings. Any default usernames and passwords are easily exploited by bad actors who may already know them. Default settings also may not be up to your standards. Explore your device privacy settings to see what’s best for you.

  5. Strong passwords are important. It can’t be emphasized enough that passwords are beatable by bad actors. Some ways to strengthen your passwords include using sentences instead of just words, having a unique password for every account and switching them up every few months.

  6. Two-factor authentication is the way to go. If there is an option for two-factor authentication, use it. Two-factor authentication requires two pieces of information before you can log into an account, such as your password and then a code that would be sent to your email or phone. This is a simple way to give yourself more security by being able to view who is entering your account.

  7. Smart home devices don’t belong in the bedroom or the bathroom. One of the best ways to protect yourself is to limit the opportunities that bad actors have. With devices that have cameras or microphones, it’s better to be safe than sorry.

  8. Not using it? Turn it off. With smart printers, toasters, vacuums or the other plethora of products, we don’t need them turned on all day. One way to safeguard your information is to disconnect it if not being used. Similarly, with device settings that include location tracking or remote access, consumers can turn it off if not needed for the device.

  9. Beware of public WiFi networks. Bad actors can position themselves so your information is not being sent to the WiFi hotspot, but instead to them. With smart devices, or any device at all, use public WiFi networks sparingly and with caution. A good way to protect yourself is a virtual private network (VPN).

  10. Research before you buy. Smart devices that allow you to control privacy settings, have automatic software updates and have two-factor authentication are safer than those without. If the device does not allow you to change settings or default passwords from the manufacturer, it can be a security risk.

Certain consumer protections have been the law of the land for years now. Here are some notable laws to be aware of when protecting your information.

  • Electronic communications: The Electronic Communications Privacy Act (ECPA) protects wire, oral and electronic communications from unauthorized access, including when the communications occur, while in transit and if stored on computers.

  • Financial information: The Gramm-Leach-Bliley Act (GLBA) protects non-public financial information from unauthorized access.

  • Healthcare and health insurance information: The Health Insurance Portability and Accountability Act (HIPAA) protects healthcare and health insurance from unauthorized access.

  • Children’s data privacy: The Children’s Online Privacy Protection Act (COPPA) requires any company that collects data on children younger than 13 years old to receive consent from parents or guardians, outline their privacy collection process and allow them to delete data about their child.