Safety & Privacy
How to outsmart your smart devices’ security weaknesses
by Plume Security TeamOctober 2021
How to outsmart your smart devices' security weaknesses
Smart TVs. Connected baby monitors. Voice assistants. Your smart home devices make your life easier and you've come to rely on them. But these connected devices have one unfortunate weakness in common: They all open the door for cyber-criminals to enter your home. And the more smart devices you own, the more doors (and windows) you're leaving open. Some smart home gadgets don't just create a virtual entry point. Even wireless security cameras meant to protect you are vulnerable to cyber-attacks.1 What's more, hackers can use compromised devices for accessing personal information (like your location, habits, and activity patterns) and for various other nefarious purposes.2 Here's what you should know about the security gaps in smart home devices—and how you can outsmart those weaknesses.
Why connected devices are vulnerable
Like any other type of computing device, smart home gadgets—also known as Internet of Things (or IoT) devices—are vulnerable to a range of risks, from software bugs, malware, and weak or default passwords, to unencrypted communication protocols and data storage. Unlike computers, however, IoT devices have limited security measures of their own and cannot be protected by traditional anti-virus software. For some manufacturers, security is simply a low priority, especially if it's a cheap device. And even if manufacturers do implement security by design, the space on the chip for security is limited because functionality features take precedence. Another common problem is hardwired default passwords—you can't change them and hackers can easily find the default passwords online.3 Plus, smart devices are difficult (if not impossible) to update with security patches that fix vulnerabilities. And when patches are available, manufacturers don't necessarily have the infrastructure to push updates to consumers on a large scale, like computer or smartphone makers do.
Security and privacy implications
Vulnerabilities in smart home devices have allowed hackers to do things like:
- Take over a robotic vacuum cleaner to not only disable it but also view home video footage4
- Lock and unlock a smart padlock, as well as gain complete access to the user account5
- Obtain accurate geolocation information from someone's smart speaker or home assistant6
One of the dangers of compromised smart home devices is that cyber-criminals can use them, as the FBI puts it, "to do a virtual drive-by of your virtual life."7 They can hack into your internet router and from there, into your entire home network. They can send spam, launch distributed denial of service (DDos) attacks, and steal your data, among other things. Data security and privacy are especially top of mind for consumers, considering the large amounts of data that IoT sensors collect. A recent survey of several thousand consumers in six countries found that nearly a third of respondents who don't own a smart device won't buy one due to security concerns.8 Additionally, 65% of all those surveyed expressed concern over how the devices collect and use data.
How to protect your smart home
At this point, you might be feeling like some of the consumers in the survey above and thinking, "If IoT devices are so vulnerable to hacks, should I even own one?" All this may sound scary; however, it's not hopeless. Whether you own one smart home device or a dozen, you can take basic steps to reduce vulnerability. Here are some ways to make your smart devices more secure:
- Review the manufacturer's security measures, if available, and understand what data the device collects.
- Change your default and weak passwords.
- Invest in a router with robust security, including a firewall.
- Segment your home network so your smart TV and your laptop don't run on the same network.
- If your device has a smartphone app, check the app's permissions and limit data collection as much as possible.
- Update the software, firmware, and operating system—and turn on automatic updates when available.
- Don't allow connections to unsecured WiFi in public places like coffee shops and libraries.
Implementing advanced digital security
Those steps are a starting point. For real peace of mind, you need to go beyond basic best practices with advanced cyber-security. Technology that uses machine learning is available to consumers, and it will protect your smart home, and your IoT devices, against sophisticated attacks. Plume, for example, offers advanced IoT protection through Guard, a service that's part of HomePass. Guard provides real-time data security that protects online activity and connected devices from threats like ransomware, phishing attacks, malware, and botnets. The platform learns over time and continuously monitors your network and devices for unusual patterns, and enables you to quarantine suspicious devices. Advanced IoT Protection (AIP), part of Guard, protects your devices not only from known malicious sites but also from new and unknown threats. That's particularly important because cyber-threats are constantly evolving. The best way to outsmart your smart devices' security weaknesses is by being proactive. Consider implementing a consumer security solution that protects you anywhere and everywhere, provides automatic protection for all your devices, and delivers enterprise-grade digital security and privacy features. — Sources:
"D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream"
- FBI Public Service Announcement,
"Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities"
"The password to your IoT device is just a Google search away"
"Unpatched Security Flaws Open Connected Vacuum to Takeover"
- Federal Trade Commission,
"Tapplock settlement: Smart devices need smart security"
- Krebs on Security,
"Google to Fix Location Data Leak in Google Home, Chromecast"
"Tech Tuesday: Internet of Things (IoT)"
- Consumers International and Internet Society,
"The Trust Opportunity: Exploring Consumers' Attitudes to the Internet of Things"