Smart Home Security & Privacy
Smart technology is affecting all areas of our lives. The possibility to have the access and control over everything at our fingertips at any time from any place is very tempting and offers many advantages, however it all comes at a security and privacy cost
The various internet-connected devices – such as Smart Burglar Alarms, Internet Security Cameras, Smart Locks or Remote access Doorbells– collect enormous amounts of personal data which include logs of all interactions, location data, home details or voice samples (especially the likes of Alexa, Siri or Google Home). And you only have limited control over what kind of data is being collected, what it might be sued for and how it’s stored. The security of such devices is also questionable in many cases, since many of them So if you really care about privacy & security, the best option is not to use the ‘smart’ internet-connected devices in your home and not to trust a security device that requires an internet connection. And if you have already decided to do it, it is important you are fully aware of the potential risks that any given product poses before you put it to use as well as configure its settings to best protect your privacy and increase your security.
The following list will help mitigate the risks associated with internet-connected home devices.
Rename devices to not reveal brand/model
If your device name reveals what brand or model it is, it makes it easier for a malicious actor to launch an attack targeting a specific device. Fortunately, it is usually easy to change the device’s default name which is what you should during setup.
Disable microphone and camera when not in use
Although intended to activate only when addressed smart speakers and other voice-controlled devices might unintentionally pick up information containing sensitive or personal data. The sound clips from these interactions are stored on a server and can be monitored by employees to improve the speech detection function of these devices which can lead to data privacy leaks. Additionally, a targeted attack could also allow a malicious actor to gain control of a microphone or camera. Hence, it is advisable to use the hardware switch to turn off these devices to prevent this from happening.
Understand what data is collected, stored and transmitted
Already before purchasing a new smart home device, conduct necessary research to know and understand what kind of data the device collects and how it is stored and used. Avoid buying devices that share anything with third parties. Make sure you are comfortable with the data collection and usage policy.
Set privacy settings, and opt-out of sharing data with third parties
Once installed, go to settings in the app, and select the strictest privacy options. It is commonplace that by default the most possible data is being collected.
Don’t link your smart home devices to your real identity
Use a unique username and password which does not identify you, your family, your location or any other personal details. When creating an account for a new smart home device, do not sign up with your Facebook, Google or any other third-party service.
Keep firmware up-to-date
To ensure the best level of security keep the firmware versions of the smart devices up-to-date and apply current software patches. In most cases, smart home apps will notify you when a new firmware version is available so all you need to do is to accept it and install it.
Protect your network
It is common for many smart home devices that anybody connected to your home WiFi is able to view the content of these devices (such as camera footage or motion statistics). As such, ensure that your WiFi and home networks are properly secured with a strong password and up-to-date firmware.
Beware of wearables
Wearable smart devices allow companies to log even more data than ever before; they can track your every move to know exactly where you are and what you are doing at any given time. Again, you as the consumer have no control over what is done with that data. Exercise your discrimination when deciding to use a wearable smart device.
Don’t connect your home’s critical infrastructure to the internet
By design a smart thermostat, burglar alarm, smoke detector and other appliances can be accessed remotely, meaning a malicious actor can gain control of your entire home, without even needing to be nearby. And by breaching multiple devices, the effects can be severe.
Monitor your home network closely
Monitor your local network for suspicious activity.
Deny internet access where possible
If only possible deny the device/app internet access and use it only on your local network. You can configure a firewall to block specific devices from sending or receiving from the internet.
Risk assessment and active management
Assess risks with your audience and data in mind: Be mindful of whose data is being collected (for example that of children). Manage which devices can operate when (such as turning cameras off when you are at home, or disabling the internet for certain devices at specific times of day)