All kinds of creative tech companies, large and small, are building interesting smart home devices. While they promise to make your house or apartment smarter, more energy-efficient, and more closely tailored to your needs and preferences, they have a few drawbacks, most notably that many of them aren’t as secure as you’d hope.
As Bitdefender recently noted in a post for Mashable, users want exciting tech products on fast timelines, which leaves designers and developers scrambling to offer ever-more-capable devices on shortening development cycles. That “rush to market” can result in poorly-constructed software, and unfortunately, the first thing to go is often proper consideration for security. Devices from smart TVs to thermostats to routers have all been found to neglect basic security measures. While we’re just as excited about the prospect of using technology to make our homes smarter and more capable, it’s important to be aware of the ways that Internet of Things devices can compromise your security.
1. Watching your usage patterns
When a device can collect lots of data on your habits, some disconcerting things can happen. Smart TVs were among the first Internet of Things devices to be criticized for invading users’ privacy. As Bitdefender notes, television manufacturers were accused of tracking users’ viewing habits, and even of sharing the data that they collected with advertisers. Even worse is the fact that that data doesn’t exist in a vacuum, and in some cases, is associated with the IP address of the device used to view the content (which could help a hacker identify every device in your home).
2. Leaving communications exposed
As Rich Brown reported a few months ago for CNET, a study from research firm Veracode revealed that there’s plenty of potential for security vulnerabilities that a criminal could exploit when you’re connecting things like your thermostat, your garage door, or your front door with smart home devices. The possibilities are logical when you consider how smart home devices work. They connect to smartphone apps, communicate with cloud services, and often have debugging interfaces that could potentially enable an attacker to execute commands on the device. What could go wrong?
When device manufacturers don’t use strong encryption to protect all of those communications, or don’t require users to create strong, secure passwords, a lot can go wrong. Veracode found significant security vulnerabilities in the smart home devices it’s tested. The data that’s sent back and forth by smart home devices can fall into the wrong hands if it isn’t protected properly. And particularly if apps don’t use two-factor authentication, a hacker who gets your account credentials could log in and interact with your devices. And all bets are off if someone breached the underlying cloud service. (Seems like yet another convincing argument for the importance of strong encryption and good passwords.)
3. Using vulnerable communication protocols
Sometimes, leaving communications unprotected is the device manufacturer’s fault (such as when companies neglect to encrypt a device’s communications with a cloud service or with the local network). But other times, an entire communication protocol can be vulnerable. For instance, researchers found that it’s possible to compromise the ZigBee protocol and hack every device connected to a hub that uses ZigBee. Not exactly what you want to hear when your doors, your security camera, or the lights in your house are left vulnerable.
4. Neglecting to protect video feeds
Most devices you have even in a pretty thoroughly outfitted smart home aren’t going to be recording video of what’s going on in your home. But things get pretty scary when you consider what happens when the few devices that do record video are compromised. It’s already been demonstrated on multiple occasions that hackers can target vulnerable security cameras, baby monitors, and webcams. That means that if your camera isn’t as secure as you think, a hacker could spy on you, share the live feed from your camera, or even mess with you by manipulating the feed.
5. Not protecting your personal information
As Molly Wood reported for The New York Times early in 2015, many connected home security threats haven’t been about hackers trying to break into users’ houses or use the data on when their thermostat is on or off. Instead, criminals have aimed at the giant databases of personal information and credit card details that device manufacturers collect. (That’s all data that they can sell on the black market.) Security experts are concerned about how much personal data is being collected, and how easy it is for that information to be misused or stolen without your knowledge. Since the smart home is such a new concept, few security practices are standard, and there are few reliable ways to make sure that everything in your smart home is secure.