“Is my home hackable?”
I was inspired to write this whilst watching the brilliant Joe Lycett’s Got Your Back on Channel 4 last week; the first segment that they showed was about hackable home technology. It featured English football legend Chris Kamara and co-host Mark Silcox in a smart-home, whilst host Joe and an Ethical Hacker sat in a van outside and penetrated the home network. From the van they hacked the smart home techology with, to some people, shocking results. They were able to remotely command the voice assistant, switch lights on and off, hack some childrens toys and even view camera footage from smart cameras and CCTV.
“A 2019 survey for Smart Home Week reported that over half of all UK households currently own at least one smart home device.”
What are the risks?
A 2019 survey for Smart Home Week reported that over half of all UK households currently own at least one smart home device and one in six people use their smart home systems remotely. Whilst smart home systems offer their owners the height of convenience, it’s hard to ignore the concerns around invasion of privacy and hacking which now come with technology ownership.
The basic principle of a smart home is a collection of devices that are connected by, and communicate using the internet, also known as the internet of things or iot. A smart home provides homeowners security, comfort, convenience and energy efficiency by allowing them to control smart devices, often through an app on their smartphone or other networked device. Usually this requires our data to be sent into “the cloud” where it is processed by a server before an instruction is issued to a smart home device.
One of the biggest issues surrounding smart homes is the security of the data that is used by our systems as well as the security of the physical devices connected to it. Imagine the scenario; a hacker manages to gain control of your smart home system, shutting off the lights, disabling the alarm system and unlocking the smart locks, leaving the home defenseless from physical intrusion. It doesn’t take a techincal whizz to understand that this presents a significant and worrying problem for smart home manufacturers, installers and owners alike.
A less obvious but equally serious consideration is that smart home devices can be used as a route to access your home network. Allowing hackers into the network and giving them access to the devices within. A recent “bluesnarfing” hack saw a hacker steal the WiFi network credentials from the smart home device via a bluetooth connection, which then allowed them connection to the home network and access to all of the computers and devices connected.
Smart homes offer the utmost convenience, with the ability to control every electrical or electronic device in the home.
how can we protect our smart homes?
So how can you protect your smart home network from abuse by outside influences?
1. Ensure the network hardware is high quality and manufactured by a reputable brand.
Many home wifi routers supplied by ISPs are built to a very cheap specification, this is how they can afford to give them away for free. Upgrading the home network router will provde greater security, allow the user greater control of their network, and will usually provide a stronger, faster and more stable connection.
2. Update firmware on network devices to the latest version.
Firmware is the permanent read only software installed on a piece of hardware. It controls how the device operates and communicates with other computer hardware. Firmware updates usually carry security fixes and updates to offer protection against the latest types of attacks.
3. Rename your WiFi network
Using the default network names may give away the brand of the router, giving potential attackers information they could use against you. Give your router an unusual name, avoid naming the network anything that could give away any personal identifiers or anything associated with the address.
4. Use the strongest WiFi encryption method possible
From your router of wifi access point settings, ensure that the network security uses WPA2 as a minimum. WPA2 is a security standard used by all the devices on the wireless network to ensure that the wireless communications on your network are encrypted.
5. Set up a guest network.
Most third party routers will allow you to set up a guest network. This will allow you to give access to friends, family and other visitors, whilst keeping devices on your primary network private.
6. Change default usernames and passwords
As shown on the Joe Lycett’s Got Your Back episode, lots of smart home or iot hacks are easily deployes by the hackers becuase manufacturers sell their devices with default usernames and passwords built in. This makes it easy for us to initially set up devices. But if the usernames and passwords arent changed, it leaves the device, and other devices on the same network open to attack.
7. Use unique strong passwords for networks, device accounts and…. well anything you use to log in online.
Top Tip: use a password manager to store all of your passwords. We all get frustrated having to remember a plethora of passwords for different devices, but it just isn’t worth the risk of using the same password for multiple things! Most password managers will have a built in strong password generator, that takes the hassle out of having to come up with unique passwords. But if you must make your own passwords ensure they are:
- Unique
- At least 10 digits long
- Include numbers, symbols, upper and lowercase letters
- Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (birth day).
- Use a compound phrase as a password. This principle is demonstrated in the below comic from XKCD. The upper row shows a password with alphanumeric characters, capital letters and special characters (i.e., the “perfect password” according to the old thinking), which could be guessed in three days by brute force. The bottom row shows how a phrase combining four words increases the time it would take to guess the password to 550 years. For years we have resorted to passwords that are hard to remember for us but easy to guess for machines.
Image Credit: XKCD
8. keep mobile apps and smart home devices up to date – Don’t Ignore Updates!
It’s crucial that all of your smart home devices and mobile apps have the latest software updates installed, not only can the updates provide new features, but they usually contain important security fixes against known attacks and vulnerabilities. Many smart home devices also come with a host of features and services, some of which you probbaly won’t ever use. Any services that aren’t used, such as remote access should be disabled, as they could provide a hacker with a potential route into your smart home system and IT network.
9. Use a VPN
You may have heard the term VPN, possibly you’ve used one to connect to an office network remotely. A VPN, or virtual private network is simply a way used to connect different networks via the Internet, but using extra security protocols that protect both the authenticity and the confidentiality of the information that travels through the VPN connection or network system.
Normally messages sent from your computer, or device to the inernet are unencrypted, and if intercepted by a hacker, can be read, and private data extracted. When using a VPN, if any messages are intercepted, they will only contain gobbledegook and private data will not be extracted.
10. Use A Trusted Reputable Smart Home Expert
You want your smart home to make your life more convenient, and to make your home more secure, not less.
Imperium are a trusted and reputable smart home technology installer, we work with many of the leading network and smart home brands and can offer a truly custom system to meet your needs. Whether it is an IT network upgrade, or a full heating, cooling and media control system, get in touch with us today to chat about how we can help.
Other Resources
Hackable? Podcast
Hackable? Podcast by McAfee and hosted by Geoff Siskind explores where we’re susceptible in our daily routines, without even realizing it. Giving us an in-depth view of the vulnerabilities we face so we can stay observant, and out of the hacker’s path.
Smart Home Week
Smart Home Week aims to educate customers on the confusion and myths surrounding smart home technology. Expect celebrity talks, industry forums, and plenty of digital activity. And, of course, we’ll be showcasing the very best in smart, connected and integrated home technology.
Draytek
Imperium use and recommend Dratek network equipment for all home and SME wired and wireless network infrastructres.