by Dave Moore, 02/14/2021
If you installed new windows in your house, would you install windows that couldn’t be closed or locked? That would be crazy, wouldn’t it?
Yet, that’s what millions of less-than astute consumers do when they submit to the Internet of Things (IoT) “smart home” craze and start adding Internet-connected light bulbs, speakers, digital “assistants,” wearable “fitness” bands, door locks, thermostats and refrigerators to their home Wifi networks. Where they may have had some Internet safety and security before, they will have punched holes right through their secure perimeter, just as if they had added new windows to their house that could not be closed.
What makes a home “smart?” Wouldn’t the ability to keep the inhabitants safe and secure be at the top of the “smart” list? You might think so, but you would be wrong. Instead, “smart” has come to mean having everything in your home somehow connected to the Internet, such as having a camera in your refrigerator so you can see its contents over the Internet using your phone, being able to lock (and unlock) your doors from anywhere in the world, changing your home heating system from a remote location, or speaking commands to a computerized “assistant,” allowing it to control everything else in the home.
Sadly, hardly any of these Internet-hungry Utopian conveniences are designed with safety, security or privacy in mind. It’s as if electronics manufacturers have forgotten every lesson learned in 27 years of making things safe for use on the Internet. Whereas most savvy Internet users would not think of using a computer without a firewall, antivirus and strong passwords in use, they are rushing to add insecure Internet of Things devices to their home networks at an alarming rate, just because they have been brainwashed into to thinking it’s somehow “smart” to do so.
Go to Google.com and do a search for “hack smart home;” you’ll quickly see why Internet safety and security experts are virtually unanimous in their assessment that Internet of Things smart home devices are not to be trusted. Smart home device hacking is rampant, and it is shockingly easy.
Are all smart home devices evil, then? Can they not be used safely at all? Like all devices you’ve ever used on the Internet, you need to make the effort to learn how to use them safely. To ignore this is irresponsible, making you a hazard to yourself and others.
Study the devices you want to buy; look up any known security problems they may have. Only buy name brand items. Make sure all devices are compatible with each other and the management software. Consider only buying one brand.
Next, secure your wireless network. Use WPA2 security with a strong password. Change the Wifi network name (aka, the SSID) to something obscure. Do not use the default name. Do not use your name, address, phone number, etc., as your network name. Disable Guest access. Make sure your router’s firewall functions are enabled, with IoT smart devices limited to only the required ports.
The best thing to do is use two different networks, one for computers/tablets/phones that access online accounts (email, shopping, banking, etc.) and a different, stand-alone network for IoT “smart” devices.
All smart home controllers and management devices (desktops, laptops, tablets, phones) need security software installed. Disable remote management tools on IOT devices if not in use. Look at all device settings and defaults. Change those that are not secure or reveal too much information. Create your own “wakeup” words. Change things from always on to always off.
Make sure you change the default passwords on all devices. Use complex passwords for everything. Never use the same password for multiple accounts. Whenever possible, us two-factor authentication. If a device doesn’t allow you to change the password, don’t buy it.
Check manufacturer websites frequently for IOT smart device updates. Their update procedures are usually not automatic, so you will need to manually find and install updates.
Finally, educate yourself about Internet safety. Everyone who connects to the Internet needs to understand how Internet safety works.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com