Smart technology is convenient and fun to use—a lot more fun than dwelling on their security concerns. We’re here to inform you of the risks of IoT and smart home devices so you can decide for yourself whether to use them and how to boost your online security.
Here are a few devices likely in your home right now that you might not realize can make you more vulnerable to cybercrime.
[Get more privacy tips. Sign up for the ExpressVPN Blog Newsletter.]
1. Smart doorbells
A British security consultancy did a study of smart doorbells in November and found multiple security flaws that could allow hackers to steal network passwords and attack routers, thereby also hacking other connected devices. In the worst individual case, a Victure smart doorbell was found to be sending sensitive unencrypted data to servers in China.
2. Smart smoke detectors
New smart smoke detectors have useful features such as the ability to differentiate between carbon monoxide and smoke, but they also connect to and communicate with your phone through apps and can engage with other smart-home features, like making smart lights flash in case of emergency.
These features have their merits, but the interconnectivity of these devices makes them vulnerable, and they can also be used to create a distraction if there is some kind of physical break-in.
3. Smart thermostats
Smart thermostats can save us money and make our homes more environmentally friendly: They can collect information on our usage patterns and find the right times to turn off heating or air-conditioning.
However, not only are they often app-driven, giving them a link to our phones, there have been serious security issues in the past. For example, the Google Nest learning thermostat had a device firmware update mode that was designed for diagnostics and repairs but was exploitable by hackers who were able to use it to run their own software from the thermostat remotely.
4. Smart lights
Like smoke detectors, smart lights come with the dual cybersecurity concern that they can be used as a network entry point and if hacked can help to facilitate a physical crime.
5. Smart toilets
To be fair, the smart toilet is not a device that many of us are blessed with. But the fact that toilet security is even a concern speaks volumes about how far-reaching IoT devices have become in our homes.
Seven years ago, security researchers from Trustwave made a splash (no pun intended) when they revealed serious security flaws with My Satis toilets made by LIXIL that could allow a hacker to remotely open and close the toilet’s lid, activate the bidet, or flush constantly.
While this isn’t a problem that the majority of people need to lose sleep over, it provides food for thought for those who’ve gone the extra mile with their bathroom technology—and provides an instructive example that cybersecurity needs to be a priority in every room of your house.
What do attacks on IoT on smart-home devices look like?
There are various dangers or disruptions that can happen if your internet-connected appliances are hacked in isolation—for example, your thermostat being turned up or a creepy voice coming out of your security camera. But perhaps the greater concern is a successful hack into your device creates an opportunity for an attacker to gain access to your network, including, say, your laptop. Finding a place to begin to operate within that network is often the primary goal of targeting smart appliances.
If you’re working remotely, an example of a logical initial access point would be your printer, which is in direct communication with your computer, where not only might your personal data reside, but it may also connect to the corporate network of your employer. Whatever the exact case may be, the objective of a cyberattacker is to gain an initial foothold in your network. Once that happens, it opens the door for them to move laterally within it until they find their target.
It’s possible for someone skilled enough to breach the network of a large organization through a seemingly benign device like a smoke alarm and work their way into an enterprise HQ network, opening the door for DoS attacks or ransomware attacks. For an individual, the results might not be as dramatic, but the process is the same. Find a weak link to gain purchase in a network, then work towards the real target. In a home outfitted with smart devices, there are a significant number of avenues to make that happen.
Tips for securing your smart home devices
Change your device nicknames
One of the simplest tips for securing your devices is changing their nicknames on your Wi-Fi to make it unclear which one is which to anyone but you. That may sound like a rudimentary solution, and it is, but someone who’s looking to break into your network may have particular devices in mind that they see as vulnerable, and you have the ability to muddy the waters slightly.
Put your devices on separate networks
You can also keep IoT devices in your home with less sophisticated security on a separate network from your laptop or phone—or whatever devices that contain the most sensitive data or passwords. Your smart refrigerator doesn’t need to communicate with your computer to function properly, so there’s no need for them to be on the same network. This strategy cuts down on the access points to your more valuable data.
Go analog
Another way to cut down on access points is to consider how “smart” you need the items in your house to be. Smart locks and doorbells feature impressive technology, but the analog versions perform their functions fine and don’t add to your cybersecurity headaches. A home assistant may seem convenient, but you were probably doing fine without one a couple of years ago. We’re not here to tell you what kind of items to fill your home with, but it’s worth mentioning that the best way to avoid some of these concerns is to decrease the size of your IoT footprint.
Read more: Is your car spying on you?
Comments
Playing video
When you know your cellphone is being used to listen in on your conversations when you are using the phone or even if it is just laying there in your presence, and your text are being read, how do you stop this? Wil a vpn on your phone help? Can the malware on the phone be detected and removed? If so, how and by who?
The only problem I have is the VPN locks me out of a few websites, like Bass Pro Shops. Turn off the VPN and I get right in. Don’t understand this.
Why have the thing if it impairs my ability to get to the internet?
Is there some unseen threat regarding the Bass Pro Shop site? What’s the solution?
Here are some tips: https://www.expressvpn.com/support/troubleshooting/trouble-accessing-specific-websites/
I don’t have the smart devices listed but my daughter just got a new house that has them. I wish there was a way I could share this with her. Lol I’m sure I’ll never be rich enough for a smart toilet. I didn’t even know they existed 🤣🤣
will this stop lag switching and ddoss on my xbox one
I just loved expressvpn I’m using the on in only VPN I trusted and best thing customer service available every time but on problem hope you guys fixed ping problems in in pubg game 🤗
I have home office and all my devices https://www.expressvpn.com/ and https://www.worktime.com/ installed. Totally satisfied!
Thanks for the advice I’m having hard enough time trying to just keep one device connected
I want to put Express VPN on two other devices and I am under the impression that I can have it on five whereas I only have it on two. Is that correct and how would I add it to the other devices?
You can install the ExpressVPN app on as many devices as you’d like, while five of those devices (under the same account) can be connected to ExpressVPN simultaneously. Refer to these tutorials to install the app on your devices: https://www.expressvpn.com/support/vpn-setup/
I see the same issues. Most of the time I just want to return to less high-security issues. I do not ever remember missing an important event just because I need to receive a phone call. My physical lock worked very well protecting my home, My bank statements never went to a crime syndicate, and I was not in fear of my life just because my phone never rang unless someone needed to speak with me.
As far as I can see, our progress has been backward, with less confidence in ourselves to keep safe, and protect our assets. We have become weak with “progress”. Jodi
Nick, you forgot to mention the TV/home entertainment system, intercoms, microphones, radios, etc. that are able to spy on you, even when they’re ‘off’? As far as ‘smart toilets’ are concerned, well, that’s one i suppose i could relate to. I was always known as a ‘smart-ass’.