Keep Your Smart Home Devices Secure
December 02, 2019
By EisnerAmper’s Information Security Cabinet
Recent reports by North Carolina State University and Florida International University indicate that many popular “smart home” devices—including Wi-Fi-enabled thermostats, light switches, power adapters and surveillance cameras—are at risk of leaking their users’ information and increasing the chances of a successful cyberattack. Some of these devices are also used commercially.
One major concern is that such an attack could escalate into burglaries and other real-world crimes, because the devices’ activity logs can be compiled into profiles about when the home (or business) occupants are away. For example, thieves are aware that most internet-enabled home security cameras operate by an on-demand recording function where they are active only when motion is detected. If the camera system’s signal is jammed or otherwise disrupted, the homeowner will not receive a notification that something is wrong. It is best to set the system to a “heartbeat” notification, where any system disruptions (e.g., loss of signal, power outage) will result in an alert.
Even if the Internet of Things data is encrypted via the local router, an attacker could gain access to sensitive information from smart home devices simply by being in the area. Researchers have found that a hacker inside or near a building can passively obtain signals about the status and actions of smart home devices. The hacker’s goal would be to infer the state of the devices and correlate that with specific times. For example, a smart-lock steadily in the locked position, the thermostat turned down, and no activity on motion sensors would indicate that no one is present, thus offering a prime opportunity for intrusion.
If you currently use or plan to purchase smart home devices for your home or workplace, cybersecurity experts recommend that you review the settings on your Wi-Fi router(s) to check for unknown devices using your signal, regularly update your wireless access password, and disable your SSID broadcast so it is not openly visible.
For more information about how to increase security when using smart home devices, check out this article.