How to keep your smart home secure

19 NOV 2019
With smart home devices becoming mainstream, here are some key security vulnerabilities to pay attention to, alongside tips for keeping your smart home ‘hacker-free’.

Photo by Sebastian Scholz (Nuki) on Unsplash

With smart home devices becoming mainstream, here are some key security vulnerabilities to pay attention to, alongside tips for keeping your smart home ‘hacker-free’.

Everything from our phones to our watches is getting the prefix ‘smart’ these days, so why should our homes be any different? A key goal of embedding ‘intelligence’ into things and spaces is convenience, so imagine being able to toggle a light switch using your smartphone, or activating the air conditioning using just your voice. With the Internet of Things (IoT)-enabled switches and sensors communicating with a connected home assistant, you could do all these and more from the comfort of your couch.

Tempting as it may be to set up a smart home, keep in mind that increased connectivity comes with its own risks—in particular, higher exposure to cybersecurity threats. The prospects of having your ‘smart light bulbs’ locked down by ransomware are very real, and they could result in you having to spend the night navigating around your own home by candlelight! Here are some ways hackers could give ‘home invasion’ a whole new meaning.

The ‘head’ of the house

If you are using IoT-enabled devices in your smart home, the odds are high that you have a smart home hub for configuring and controlling them. Being the brains of the entire system, the smart home hub is a valuable target for malicious actors since it gives them the ability to take over practically every other gadget in the house.

For example, two security researchers exploited three vulnerabilities in a smart home hub developed by a Croatian company, tricking the device into thinking they were the homeowners. They gained the highest level of access to the home’s command centre and used their illegitimately obtained privileges to open a door by releasing the smart digital lock on it.

The chink in the armour

Even if you are confident that your smart home hub is secure, it does not necessarily mean that every IoT device linked to it shares the same level of protection against cyberattacks. Often, hackers search for the weakest link in the chain of smart home devices, and once they’ve found it, they use it as a foothold to disrupt other networked items.

Research by Hewlett Packard has shown that 70 per cent of consumer IoT devices have insecure web interfaces. This means that they have poor session management and weak default credentials, which are essentially a welcome mat for hackers to infiltrate home networks.

Walls have ears, and hedges have eyes

Although smart devices are designed to be quiet and unobtrusive, the network traffic that they transmit and receive can be a treasure trove of insight into our personal lifestyles and habits. Even though traffic passing through these devices is usually encrypted, a hacker could take advantage of various security loopholes in the transmission protocols to decrypt the network packets and gain access to sensitive information.

Furthermore, IoT devices typically collect at least one piece of personal information and store it on board the device or sync it with a cloud server. Cybercriminals may steal this information and use it to attempt to breach other systems in your smart home.

Worrying as these security risks may be, your dream of creating a smart home need not be shelved indefinitely. Our GovTech cybersecurity specialist, Goh Jing Loon, shares three concrete measures you can take to keep cybercriminals outside the gate.

Our GovTech cybersecurity specialist, Goh Jing Loon, shares three concrete measures you can take to keep cybercriminals outside the gate

1. A secure boot ensures you start on the right foot

Hackers may modify the firmware of your smart home devices so that when the device boots up, the malicious code gets executed instead of or alongside the operating system. This could result in device failure or handover control of the device to the malicious actor.

Therefore, when purchasing a smart home device, check if it has a smart boot function that you can enable. This ensures that the device checks the boot code and only allows trusted code embedded in the device to run.

2. Move with the times and update

If you are hoping to get the most bang for your buck, then you would want to use your smart home devices for as long as possible. However, beware of outdated security protocols, which could be exploited by hackers.

Ideally, you should purchase devices that can receive security patches. User behaviour also matters—be sure to check for security updates regularly and install them promptly.

3. Brand names do matter

There is a range of smart home devices on the market, and those from well-established brands may cost more. This premium pricing does bring some peace of mind since large and reputable tech companies are more likely to actively monitor security vulnerabilities and anticipate new ones.

Having said that, some degree of due diligence is needed on the part of the consumer—one should perform a market survey and look out for brands that are trustworthy and reliable in rolling out security updates in a timely manner.