All you have to do is look on Amazon for smart home plugs, light bulbs, or switches, to find hundreds of random manufacturers you’ve never heard of with dirt cheap prices. It’s enticing to save some money and buy a no-name brand for $5 vs. paying $25 for a brand you’re familiar with. The problem is that each of these devices are little computers running basic operating systems. Not every company takes the time to build out their computer systems with the care and attention they require, so they may be running outdated software that has security vulnerabilities that were never patched. Or have default administrator usernames and passwords, which make it easy for a hacker to take control of the system and then run amuck inside your home’s network. Internet of Things manufactures aren’t spending enough time securing what they’re building, so it’s on us to make sure we’re buying reputable devices and taking steps to secure our homes.
If you don’t think this is a wide problem, then you should check out an HP Research Study that found 70% of IoT devices were vulnerable to attack. Or watch Ken Munro’s Ted Talk where he talks at length about how easy it is to hack a lot of smart tech. Twitter suffered a denial of service attack in October 2016 that was run from 300,000 hacked home security cameras. This isn’t a problem that’s going away on its own.
Here’s a few rules I strongly recommend you follow:
Don’t buy IoT devices from a vendor unless it has proven security.
The old saying that, “if it seems too good to be true, it probably is,” is sometimes the case. Don’t jump on the cheapest options you find without doing a little research first. Look up a manufacturer to see if there are any customer complaints or issues reported with software problems. See how long they’ve been in business and what their track record is for pushing updates to their products. Have they been in business for multiple years or are they brand new? Reputable companies will have details on their terms of service and privacy policies, so you can often find out where the servers are located and what countries and laws will be protecting your privacy. It’s important to know as much about the company before you plug in any company’s device in your home.
Put your devices on a separate network
Try your best to limit the number of devices you put onto your home WiFi network. On a practical level, too many devices on a WiFi network can end up causing instability in your network. A rule of thumb is to not go over about 50 devices on a single consumer grade router. There are some that can handle more, but it’s generally not a good idea.
Every device that you add to your network can see every other device on your home network. So one path to secure things would be to get a separate WiFi router that you can run a secondary network isolated from your main system. Put all of your home computers, smartphones, etc. onto the main WiFi network. And then put all of your IoT devices on the second WiFi router running a completely separate gateway. This will make it impossible for any IoT device to see your home PC, Mac, or smart phone.
Another option that many routers include is a guest network. For instance, I use the Eero mesh WiFi system for my home network. I can run a completely separate guest network, which isolates anything on that WiFi network from seeing not only my main WiFi devices, but from seeing any other devices on the guest network. It’s like putting a tiny firewall around every single device on the guest network.
And for Apple users, Apple announced a new secure WiFi setup as part of Apple HomeKit. It’s basically Eero’s guest WiFi technique brought to HomeKit. Any supported HomeKit router will be able to automatically firewall off HomeKit accessories, so they can’t access your full home network. Linksys, Eero, and Spectrum are the first companies signed on to support that new feature.
Make sure you’re devices are running the latest software
Many devices have firmware updates that come out from time to time to fix bugs, add new features, and to plug security holes. My Philips Hue hub has received numerous updates over the years, but you often have to keep an eye out in that devices mobile app for those updates. I’ll often see a notification icon on my Hue app that there’s an update to apply. Be sure to check your Hue app, or iHome app, or fill in the blank app, from time to time to see if there are any software or firmware updates available.
So that’s the last of this initial set of videos, but keep an eye on this playlist and the channel because I’ll be adding more to it over time. Be sure to send me any questions or thoughts on Twitter, Instagram, and here on the website.
Additional articles and videos on IoT security: