Internet connectivity seems to be arriving in more and more objects each day. With smart plugs, thermostats, refrigerators, and more, our entire homes are growing ‘smarter’ all the time. While this has great benefits to the efficiency of our daily lives, what does it mean for security? Are there threats to smart homes? Could your smart home be hacked?

It turns out that this is an alarmingly possible occurrence.

At Mobile World Congress 2018, one company showed how easily a smart hub could be compromised. A smart hub is a central point controlling all of your home’s smart devices. By identifying the hub’s vulnerabilities, Kaspersky Lab was able to hack into a smart home with fairly minimal effort and gain control of multiple devices.

Another research group from Ben-Gurion University experimented with hacking into baby monitors, smart doorbells, and more, and it was a simple as finding the right passwords. PhD student and researcher Omer Shwartz shared that "It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand." This means that many of these smart home users aren’t taking the time to change the default password associated with an item, a major no-no when it comes to cybersecurity.

What Smart Home Hacking Looks Like

So what would happen if someone hacked into your smart home?

In the experiment from BGU, researchers found that they could control the various items remotely. Some of the abilities, such as playing loud music through the baby monitor, seem fairly harmless, but what about switching on a camera and having access to the feed? This paves the way for a serious invasion of in-home privacy.

The potential for more significant damage is there, too. In some instances, advanced hackers could find a way to access your entire Wi-Fi system. There’s also a chance that, if they can determine one of your passwords, they may be able to guess others---perhaps even those that are related to your banking networks.

If a hacker takes control of one of your devices, they can also ‘hold it for ransom,’ demanding payment (often in the form of Bitcoin) in exchange for relinquishing control. This might be coupled with device-related threats (such as having control of your smart thermostat and threatening to continually raise the temperature

But most likely, you need to worry less about data theft than about privacy concerns. Using the built-in cameras on smart home devices seems to be hackers’ favourite way to breach security. Last year, a vulnerability was discovered in nearly 1 million smart home devices built by manufacturer LG. This vulnerability could enable hackers to get into the LG mobile app responsible for controlling the devices. With many of these devices camera-enabled, they could easily be used to spy on people in their homes. It’s not a stretch to see how a massive privacy problem could result. It’s a worry, especially for those who have children.

There are also safety issues that go beyond the invasion of privacy via video stream.

Do you have a smart lock on your front door? A nefarious hacker could unlock this remotely and gain possible access into your home itself. This is probably less likely (since hackers are often from a far away, remote location) but it’s a chilling consideration---and one that makes us think long and hard about how to secure our smart homes.

How to Keep Your Smart Home Safe

One thing that makes smart items within the Internet of Things (IoT) particularly subject to such attacks is that these are standalone objects. Unlike a laptop or mobile phone for which you can install various types of protective software, other smart devices need their own security methods, which are still being developed.

So what can you do?

The first thing is to only by smart home devices from trusted, reputable sources. And avoid buying these items second-hand, as they may have been previously compromised.

You could also keep an eye on the latest developments in ‘Internet of Things’ security. Some ideas in the works include a cloud-based service that combines artificial intelligence with machine learning. The idea would be that smart home devices are tracked for common, typical behaviour, which is learned and stored over time. When deviations to the normal patterns occur, an alert could be created. This could be helpful in identifying a potential infiltration. If your smart light bulbs are suddenly acting strangely, the cloud-based security system could observe this and let you know something’s up, or even shut off the device’s connectivity.

You could also try a device like this one, which plugs into your network and serves only to detect compromised devices. If a device has potentially been attacked, the Akita will disconnect it.

While more IoT security options are continuing to roll out, it’s perhaps most important to take steps ourselves to protect our smart home.

Some of these are obvious, such as never sharing IP addresses, serial numbers, or other data regarding your smart devices online, particularly over social media.

Changing your passwords (and making them super secure) is also an obvious defence, but many of us, unfortunately, don’t do well with this one. Be sure you’re always changing a smart device’s default password and creating one that is complex. Update it on a regular basis.

Finally, be particularly aware of online phishing scams. These can initially appear legitimate but are designed to obtain vital information from you, especially your login details.

The possible security issues in your smart home don’t mean you shouldn’t have one. But be sure to prioritise security for these devices, just as you do for your laptop and smartphone.

Back to blog