August 2018 • The Monthly Security Awareness Newsletter for Everyone
Smart Home Devices
What are Smart Home Devices?
Traditionally only a few of your devices at home could connect to the Internet, such as your laptop, smartphone, or gaming console. However today, more and more devices are connecting to the Internet, from your lightbulbs and speakers to your TV, locks on your door or even your car. Soon, almost every device in your house could be connected to the Internet. These connected devices often go by the name of Internet of Things (IoT) or Smart Home devices. While these connected devices bring a great deal of convenience, they also bring unique dangers.
What’s the Problem?
The more devices that are connected to your home’s network, the more can go wrong. Hackers can program your devices to attack others, vendors can collect extensive information on your activities, or your devices could become infected and lock you out. Many of the companies making these devices have no experience with cyber security and see security as a cost. As a result, many of the devices you purchase have little or no security built into them. For example, some devices have default passwords that are well known or you cannot update or configure them.
How Can I Protect Myself
So what can you do? We definitely want you to leverage connected devices, safely and securely. These devices can provide wonderful features that make your life simpler. In addition, as the technology grows you may have no choice but to use smart devices. Here are key steps you can take to protect yourself.
- Connect Only What You Need: The simplest way to secure a device is to not connect it to the Internet. If you don’t need your device to be online, don’t connect it to your Wi-Fi network. Do you really need your toaster sending you notifications to your phone?
- Know What You Have Connected: What devices you do have connected to your home network? Not sure or can’t remember? Turn off your wireless network and see what is no longer working. It may not catch everything but you’ll be surprised at how many devices you forgot.
- Keep Updated: Just like your computer and mobile devices, it’s critical to keep any and all of your devices up to date. If your device has the option to automatically update, enable that.
- Passwords: Change the passwords on your devices to a unique, strong passphrase only you know. You will most likely only have to enter them once. Can’t remember all your passphrases? Don’t worry, neither can we. Consider using a password manager to securely store all of them.
- Privacy Options: If your device allows you to configure privacy options, limit the amount of information it collects or shares. One option is to simply disable any information sharing capabilities.
- Vendor: Buy your devices from a company that you know and trust. Look for products that support security, such as allowing you to enable automatic updating, change the default password and modify privacy settings.
- Always Listening: If a device can take your voice commands it is constantly listening. For example, your Alexa and Google Home devices can record sensitive conversations. Consider that when you determine where to place the devices in your home and review the privacy options.
- Guest Network: Consider putting your Smart Home devices on a separate “Guest” WiFi network rather than the primary WiFi network you use for your computers and mobile devices. This way if any Smart Device is infected, your computers or mobile devices on your main network remain safe.
There is no reason to be afraid of new technologies but do understand the risk they pose. By taking these few simple steps you can help create a far more secure Smart Home.
Subscribe to OUCH! and receive the latest security tips in your email every month - www.sans.org/security-awareness/ouch-newsletter.
OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Cathy Click, Cheryl Conley