Did you hear about the FaceTime bug that allowed users to eavesdrop on one another? How about the US family convinced by their Nest Camera that a nuclear attack was imminent?
IoT devices are now a top target for brazen cyber criminals eager to take advantage of anything in order to get their hands on someone else’s personal details.
Yet despite the dramatic headlines, there’s no need to unplug altogether. Instead, there are several simple hacks that add an extra layer of security to your smart home devices. Here are our top 10 tips:
1. Use two-factor authentication (2FA)
For most devices, there is usually an option to set up 2FA. With 2FA you’re asked to enter a secondary form of verification after submitting your username and password. This second layer of security helps repulse particularly persistent hackers.
When it comes to finance, security is crucial, so many banks go further than 2FA by sending customers a unique code to enter. Facebook gets even more creative, asking users to verify friends in photos.
However, neglecting 2FA isn’t amusing; recently a hacker spoke to a baby through a Nest security camera and then turned up the central heating. With proper 2FA, this was a situation that could have been avoided.
2. Set up a secondary or ‘guest’ network
Broadband suppliers allow you to create multiple networks on your Wi-Fi router. It’s how parents set up controlled kids’ networks and guest networks for visitors. The same can be done for smart devices.
Create a separate Wi-Fi network so that your IoT devices operate separately from personal ones like your laptop or phone. Many routers now segregate all devices on a guest network so that they cannot communicate with each other. This makes it harder for a would-be hacker to gain access to data on this network.
When creating this new network, opt for WPA2 if given a choice between this and WPA; it’s the standard encryption method used worldwide.
3. Kill the bugs
Modern technology is impressive, but we all know that mistakes do happen. One of the most common ways hackers target smart devices is by exploiting a vulnerability missed by the software developer.
Luckily, this is also one of the easiest issues to address – simply update the device. Maybe think twice before clicking ‘ask me later’ the next time an update notification appears on your phone or laptop. There are bigger bugs to fry.
4. Disable unnecessary features
Smart devices are full of features, often enabled by default. Remote access is a good example of something that may be surplus to requirements. Don’t need it? Disable it.
5. Is your device qualified?
When purchasing a smart device, make sure it has the correct certification. The “Works with Alexa” and “Works with Apple HomeKit” badges show that devices meet certain standards in responsiveness, reliability and functionality.
However, certification is especially important with regard to smart security devices. It’s worth noting that in the UK a smart alarm needs to be certified by either the National Security Inspectorate (NSI) or the SSAIB if you want a police response.
6. Resist accessing smart devices using public Wi-Fi
Public Wi-Fi has weak security protocols, and data is generally sent unencrypted. If your Wi-Fi router is hacked, your information can easily be intercepted undetected. This is what’s called a “man-in-the-middle” attack.
If you are on the go and want to check your CCTV then perhaps it’s better to take the hit and just use your own 3G/4G connection.
7. But if you must… Make sure the public Wi-Fi is genuine
Another man-in-the-middle attack exists, appropriately dubbed “Evil Twin.” In this case, the hacker creates a Wi-Fi network to mimic a public one nearby. For example, a network named Free_Cafe_Wifi could be created next to a Starbucks. This technique is especially dangerous as login pages may automatically appear, enticing you to enter personal details.
If you cannot avoid public Wi-Fi altogether, ask a café employee for the correct Wi-Fi name to make sure you are logging into the correct one.
8. Secure your phone and smart accessories
Simple, but effective. Your smartphone should have a passcode that isn’t easily guessed. No birthdays or ‘1234’.
You should also keep track of portable smart home accessories. Nowadays, smart alarms often come with key tags, allowing the alarm to be set and unset by waving them next to a panel. If lost, make sure you deactivate the tag on your smartphone until it’s found.
9. Buy from trusted brands
Cybersecurity is a top priority for consumers, but not always for brands. Beware the “poundshop” types you see on Amazon or eBay boasting good reviews and low prices. Do your research: look up the brand’s website and search opinions on news sites and forums.
It’s also worth checking whether the brand encrypts personal content. Ring, for example, is known for not encrypting customers’ videos because of Ring’s belief “that encryption would make the company less valuable.” Earlier this year, this created a storm when allegations arose that Ring’s Ukraine-based employees had unfettered access to video created by Ring cameras.
10. Remember: passwords are key
It’s a cybersecurity tale as old as time. But it’s true. Your passwords must be secure. Make sure each one is unique and at least 12 characters long. Avoid full words; MySecurePasswrd is far more secure than MySecurePassword simply because it’s missing the “o”.
Adding numbers and symbols helps, but shouldn’t be prioritised over character length. The password ‘H@GG1s!’ is less secure than ‘haggis-is-tasty’ because it halves the character count (7 vs 15). Besides, hackers are usually well aware of which letters are commonly replaced with numbers or symbols.
A good password will defend against “brute force” attacks: a trial-and-error method where a computer submits thousands of passwords, using common words and patterns, to gradually narrow it down.
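To put numbers on the length-versus-symbols point, here is an added example (not part of the original article) that compares the two haggis passwords above. The character-class sizes, the tiny wordlist and the swap table are assumptions constructed for illustration.

```python
import math
import string

# Assumption: a brute-force attacker must cover every character class the password uses.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]

# Constructed sample data: a tiny wordlist and a few common letter swaps.
WORDLIST = {"haggis", "password", "secure", "tasty"}
SWAPS = str.maketrans({"@": "a", "4": "a", "1": "i", "3": "e", "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # the article's minimum length


def search_space_bits(password):
    """log2 of the guesses needed to try every password of this length and character mix."""
    charset = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(charset) if charset else 0.0


def base_word(password):
    """Undo common swaps, drop non-letters, and return the dictionary word left over (or None)."""
    letters = "".join(ch for ch in password.lower().translate(SWAPS) if ch.isalpha())
    return letters if letters in WORDLIST else None


def audit(password):
    """Apply the article's checks: minimum length, search-space size, decorated dictionary word."""
    return {
        "length_ok": len(password) >= MIN_LENGTH,
        "bits": round(search_space_bits(password), 1),
        "base_word": base_word(password),
    }


if __name__ == "__main__":
    for pw in ("H@GG1s!", "haggis-is-tasty"):
        print(pw, audit(pw))
```

Each extra bit doubles the number of guesses, so the longer password is many orders of magnitude harder to brute-force, while the shorter one collapses to a single dictionary word once the swaps are undone.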
If you’re concerned about remembering multiple passwords then use a password manager like LastPass or Dashlane. You can also get built-in options like Keychains for iOS or Password Manager for Google Chrome.
Last but not least, don’t forget to give your broadband network a suitably obscure name. “William’s Wi-Fi” is not ideal. Think outside the box: your favourite movie or car model, for instance. Maybe even try putting a smile on a neighbour’s face with something a little playful like “Pretty Fly for a Wi-Fi” or “The LAN Before Time”. You just never know. It could be the difference between being hacked or having said hacker move elsewhere.
Paul Walton, Co-Founder of Boundary