Smart homes and their risks

Jan 26, 2021.

The move to connect appliances and systems in the home is leading to an increase in the volume of sensitive data collected. Incorrect use of poorly protected cheap products means the smart home becomes an open gateway to criminals. We spoke to Jonathan Wälchli, an IT and smart home expert, to find out what the risks are and how you can protect yourself and your family from them.

It sounds like the script for a horror film: Samantha and Lamont Westmoreland return to their empty home in Milwaukee only to hear voices coming from within. Then the temperature on the thermostat suddenly rises to 32°C. Loud music starts playing from somewhere. US local broadcaster Fox6news reported on this bizarre story. The pair had installed smart home devices in their house with a value of USD 700: a thermostat, a spyhole for the door and a surveillance camera were all intended to make their lives safer and more convenient. That was until someone hacked into their network. This case clearly shows how important it is to take particular care when safeguarding your smart home.

 

Today, microphones and cameras are now part of almost every device, and virtually every household is home to tablets, smartphones and TVs. Other devices such as baby monitors, children’s toys and drones can also be connected to a network. Devices found in a smart home can be divided into three categories:

  • Convenience: for example, entertainment programmes activated via voice commands
  • Energy: for example, smart heating activated via presence detectors
  • Safety: for example, cameras, motion detectors and presence simulation

 

 

Total protection is important – and smart homes are no exception

Put bluntly, access to a smart home’s system is all it takes to create a Big Brother-style situation in many living rooms. To prevent others from seeing and recording everything you do, it’s essential to be aware of how sensitive your data is and to take steps to safeguard it. This means that when buying a smart appliance or installing a full smart home, you must make the right decisions from the start.

 

 

“The same rule applies in smart homes as it does in other areas of our lives: when we know the risks, we can protect ourselves properly. Failing to do so can lead to damage or personal injury.”

 

 

What types of risk are there?

Financial losses

Attacks carried out through a smart home system can be expensive in various ways. Hackers who use a network to gain access to personal data – dates of birth, credit card information – can place orders or make money transfers online. Digital smart meters can be manipulated, causing electricity costs to skyrocket. Burglars can also break in by overriding smart door locks and switching off alarm systems.

 

Blackmail involving sensitive photos, secret correspondence and other information taken from the victim’s PC – to which the hacker gained access via an unprotected smart home device – can be particularly unpleasant. The hacker threatens to release the confidential data unless they are paid a ransom.

 

Commercial damage

A denial-of-service attack involves infecting a smart home device with malware and connecting it to a botnet (a network of infected devices). The hacker can then use your home network to cripple online stores or other websites. As a result, you become unknowingly involved in the attack, which can lead to trouble with the relevant authorities later on.

 

Damage to household contents

Some cyber attacks are designed to manipulate smart home devices with the aim of causing as much damage to buildings or facilities as possible. For example, the goal may be to switch on a sprinkler system, which can lead to water damage.

 

Emotional injury

Images and videos stolen from smart home devices are often subject to misuse. Some hackers simply enjoy watching other people. Others sell what they have stolen on the dark net. Children’s toys connected to the network can pose a huge risk: a hacker or paedophile could, for example, use an app-enabled teddy bear to make contact with a child. To protect children against such risks, it is better to avoid toys that can be connected to a smart system.

“There is huge demand for smart appliances. Consumers commonly focus on the price rather than the quality when buying such devices. The simple fact is that a cut-rate smart home product is often a poorly protected one.”

 

Jonathan Wälchli, CEO WAJO Group GmbH

Tips for more security

The following tips can be used to make your smart home secure:

  • Seek advice from a specialist retailer or installation technician.
  • Be wary when buying second hand. If a person has adapted the firmware at some point, the original user may still be able to access the device.
  • Use secure passwords with at least 12 characters (numbers, letters and symbols), and make sure the password is different for each device. Change the default password immediately.
  • Where possible, activate two-factor authentication. This form of authentication requires you to confirm two independent components; e.g. a password and a code sent to your mobile phone.
  • Be sure to deactivate the Universal Plug and Play (UPnP) function for your router or firewall. If authentication is not set up, devices that are part of this network can configure your firewall and open up other doors in the network.
  • Think about where you have placed specific sensors or detectors and which data they may be able to record in that area (in addition to the information you actually want them to store). For example, is it a good idea to have a security camera in the bathroom – or even inside your home?
  • Protect your WLAN. Use WPA2 and a secure password of at least 20 characters.
  • Divide your network into several logical networks: one for video surveillance, one for sensors and detectors, one for your guests, etc.
  • Install a good firewall.
  • Limit the number of online sources that can access your smartphone.
    Where possible, use a Geo-IP filter, as this will restrict access to your home network (e.g. only Swiss IP addresses can access the network).
  • Do not use standard ports such as 23, 443, 80, etc.
 

When buying a smart home device, make sure to ask the right questions

 

A specialist dealer or professional technician can set up your network. It may be sensible to ask the following questions when talking to a sales representative:

  • How often are software updates performed? Are updates made automatically or will I receive a notification?
  • Can the device be accessed via the internet?
  • What means of protection does the device have to safeguard against unauthorised access?
  • Are all the device’s access points encrypted (SSH or HTTPS)?
  • Can the manufacturer’s default access data (user name/password) be changed?
  • Which data is sent to the manufacturer (to the cloud)? Can transmission of this data be prevented or restricted?
 

What to do if your smartphone is hacked

If you suspect one of your connected devices has been hacked, you should reset it to the factory settings according to the instructions in the user manual. This will allow you to set it up again based on the security measures above. You should also consider taking legal action. Good legal insurance is a worthwhile investment – if not now, then when you decide to turn your home into a smart home.

 

About the author

WAJO Group GmbH specialises in smart homes and IT security. From advice and choosing devices to smart home set-up, the WAJO team helps individuals and corporate customers find the right security solution.

MORE ARTICLES ON THE SUBJECt

Online shopping: preventing online fraud

We show you how to recognise their tricks – so you won’t fall for them yourself.

more

Legal protection for cyber bullying

How to protect your children against cyber bullying.

more

Could your online password get hacked in less than a minute?

Keep it secure with these hacks.

more

Suitable Generali solutions

Personal legal protection
Cyber insurance
Household contents insurance