DIY Smart Homes & Hacking

Man in black balaclava, hoodie and gloves hacking a computer

DIY Smart homes are cool. Apps can simplify your life but controlling your lights & music opens you up to hacking.  Here’s how to protect yourself.

The “Internet of Things” underlies the DIY smart-home industry and it is estimated there will be 24 billion IoT devices by 2020.

These developments allow you to change the way you carry out everyday tasks, but be aware that with these developments come risks as the increase in connected devices gives hackers and cyber criminals more entry points.

If you are at all concerned about your security and privacy (and you should be) then here are a few things to consider when purchasing a new connected device:

Check the security of the device AND the security of the software applications and network connections that link to that device.  Make sure you’re confident of each of your IoT device’s security against hackers.  A team of researchers at Microsoft and the University of Michigan recently found a plethora of holes in the security of Samsung’s SmartThings smart home platform, and the methods were far from complex.

Theft of your information – the amount of data IoT devices generate every day is staggering and creates more entry points for hackers and leaves your sensitive information vulnerable.

Have you created an unwanted public profile?  – By agreeing to the terms of service on your device have you allowed companies to collect data on you?

Can your device be used for eavesdropping?

Connected plug and play devices that work without configuration pose the greatest risk as you have less influence on the security of the installation.  The largest Distributed Denial of Service attack in 2016 was caused by a botnet that made use of webcams, camcorders, baby monitors and other insecure internet connected devices.  You know, the cool, easy to install stuff you can see on your phone!

Some simple steps to improve your security:

The easier it is to configure, the easier it is for someone else to get in.

Making it more difficult to get in makes it less attractive to people trying to get in.

Educate yourself about networking and security.

Ask about security when considering a new device.

Make sure your network is secure with a good firewall.

Check which devices are allowed to connect to the Internet.

Isolate IoT devices on a separate VLAN.

Be cautions of ‘smart’ features such as cameras of voice enabled controls and turn it off if you don’t need it.

Change the passwords from the default.

Only use remote access features when you need them, and only if you know how they are secured and if that meets your required levels of security.

Use VPNs to secure and encrypt access.

When in doubt, ask an expert.

For wireless devices:

Turn off WDS: This one button connect is easy entry for everyone.

Turn off SSID broadcast – if they can’t see it, it’s harder to find.

Change the SSIDs: Standard SSIDs give away the vendor/type.

Activate Wireless encryption.

Turn off standard guest networks: They are easy entry and not just for your guests.

What Now

The alternative to this is to have a professional integrator organise this for you.  They are trained in network security and steer clear of products that are insecure, and DMZ those that are risky.  If you are considering any IoT devices or home technology and want to know if a box you’re about to buy is secure just give us a call and we’ll look it up for you.  If you already have this equipment on your home network and would like it checked click here or give us a call on 09 377 3778 any time – we are here to help!