Can Smart Homes be Hacked?

Are smart homes safe? Anna-Marie DeSouza investigates the security issues surrounding smart home technology
by Anna-Marie DeSouza
27th May 2018

Many of us want to create a state-of-the-art smart home with all the bells and whistles – but if you believe the tabloids, you might be opening yourself up to the risk of a cyber attack.

In the analogue world, you’d know pretty quickly if there had been a security breach in your home; because you’d probably be greeted by the sight of a broken door or smashed window.

It might be difficult to deal with the fall-out, but at least there’s a tell-tale sign of how to prevent a repeat. In the modern age, the mass popularity of smart home technology, social media and cloud-based data has opened up a new, more hidden threat. But how real is it?

Cyber crime is growing quickly in the UK – but in terms of individual homes being subjected to direct hacking, the numbers are still tiny in comparison to physical burglary.

Nevertheless, with more of our lives now online (estimates suggest the average household will have have 15 internet-connected devices come 2020), criminals can access so much more than your personal possessions. Among the areas cyber crooks might target are bank details, credit card information and identity documents. So it’s important to stay safe.

Hacking smart technology

In mid 2017, an investigation by consumer watchdog Which? revealed that much smart tech was vulnerable to hacking. From common routers through to CCTV cameras and even children’s toys, the number of issues with smart technology security raised plenty of eyebrows.

The report garnered a lot of media attention just as the idea of managing our daily lives iva the internet of things (IoT) was taking off – leaving many homeowners to wonder how secure their gadgets really were.

Just a few months later, in the run-up to Christmas, voice-activated home tech came under yet more scrutiny. Tech security experts and publications were unearthing issues with elements such as security settings, always-on listening devices and drop-in intercom functions. Many of these required a physical on-site hack to older, poorly maintained hardware – but there’s no doubting the importance of bringing such vulnerabilities to light.

And just recently an Alexa gadget has reportedly recorded a homeowner’s entire conversation and sent it to a random contact.

“With artificial intelligence, retina scans, finger print unlocking, voice activation and all manner of IoT devices, the potential for cyber attacks has increased exponentially. The amount that Alexa knows about our daily routines and personal preferences can be quite scary,” says future living expert James Fenner, of marketers Silk Road.

“Despite the proliferation of smart home technologies, many people still question the safety of the IoT landscape: two-thirds of global consumers are very concerned about their data being hacked by cyber criminals.”

The dangers of weak passwords

The internet brings a connected home to life – but it’s important to be aware that connectivity brings risks. Our home networks carry critical information between all of the devices they’re hooked up to. Laptops, mobile phones, voice assistants, security systems, heating controls and more all use the same network, so it’s vital you have a robust, high-performance infrastructure that you can rely on.

But it’s not as simple as getting a professional to install a fit-and-forget setup. Every device needs to be properly protected – and responsibility for this often comes down to the user.

“One of the main reasons for being hacked is that people fail to change the default username or password on their internet-connected devices; whether it’s for security cameras, baby monitors etc,” says Chhaya Landschultz of CEDIA member Indigo Zest.

Instead, poeople often purchase a smart home product and plug it straight in; but those out-of-the-box passwords are easily generated and potentially straightforward to discover in online manuals.

“The use of weak passwords is a big issue, too,” says Chhaya. “Using familiar and personal information is obvious and again easy for a hacker to source and decipher.”

Examples of weak passwords include pet’s and children’s names, birthdates etc, much of which can be found in seconds on social media. “The problem also extends to the use of the same password across multiple accounts,” says Chhaya.

Maintaining smart home technology

In some respects, we simply haven’t caught up with the pace of technological change

If you had a train to catch but thought you’d left a window ajar at home, chances are you would hightail it back to the house to make sure you’d locked it up properly. Yet how many times have you not bothered to accept the latest auto-update to the software on your computer, laptop, phone or tablet straight away – or failed to renew your antivirus protection?

Doing so could open the door to hackers.

“Smart homes in their own right are not insecure; it is people and their implementation of procedures and regular maintenance that can cause problems,” says Chhaya. “As a systems integrator, a crucial part of creating a connected home is in building users’ networks, and professionally installing and setting up their IoT devices.”

But creating a secure smart home environment doesn’t end there. “We are aware of the pitfalls, so we recommend that our customers sign up for a support agreement, which means we regularly update their systems to maintain a high level of security,” says Chhaya.

“We can do this remotely and automatically in the background. We will be alerted to any potential issue and, nine times out of 10, we will have fixed and secured it before the customer is even aware of it. However, all of this can be compromised by someone having a weak password on just one of their personal devices.”

Simple steps to keep your smart home technology secure

  • A lot of tech is supplied with basic default passwords, such as 0000 or 1234, so that it’s easier for the manufacturer to set up. Be sure to change these immediately when you bring the product home.
  • Change your passwords regularly, especially if multiple users have access, and go for codes that can’t be guessed easily.
  • Consider using secure password generators and products that require multifactor authentication. Options range from codes sent by text to verify identity through to thumb or retina scans.
  • Make sure you keep all smart devices up to date with the latest software (most releases include upgraded security protection).
  • You should always make certain that your network is equipped with high-quality firewall and antivirus software.
  • If you’re investing in a significant smart home technology setup, use a reputable installer and consider taking out a support agreement to put the security management in professional hands.

Ultimately, the expert view is that the tech itself isn’t the cause of hacking: our collective failure to regularly maintain, update and securely protect our gadgets is key.

Safe’s Anthony Neary echoes the sentiment, although he makes it clear that suppliers have a duty of care to encourage customers to keep their systems in good working order. “Manufacturers and retailers are aware of the risks associated with IoT,” he says, “but it’s important this knowledge is shared with the end user to ensure proper cyber protection in smart homes.”

He also points out that good specification is vital, as the tech is evolving quickly. “For example, Yale Smart Home Alarms feature rolling code technology,” says Anthony. “This ensures it’s not possible to make a clone to intercept your remote control, as the unique code is changed every time it’s sent to the control panel. If a code is intercepted for potential misuse, it simply
won’t work, so this adds a further level of security.”

What is the government doing to ensure smart homes are safe?

There’s no doubt that the threat is real, but the good news is there are simple, achievable steps that will drastically improve your smart home’s security and make it far less susceptible to attack. See the box (above) for some top tips.

The government has taken note of the proliferation of IoT devices and recently issued a Secure by Design report. This includes a draft code of practice aimed at making sure developers and manufacturers take their role in end-user system security seriously.

Among other things, the guidelines seek to ensure that software is automatically updated, passwords can’t be reset to factory defaults and that any sensitive data transmitted by apps is encrypted.

Main image: The Yale SR-330 Smart Home Alarm, View & Control kit, £329 at Safe.co.uk, allows you to see who is at the door even when you’re not in, via an app on your phone. The alarm even sends text and email notifications when triggered, and features rolling code technology to preclude the possibility of the controls being cloned

Leave a Reply

You must be logged in to post a comment.

You may be interested in

Our sponsors