Sarah MacReading/Wirecutter
By Rachel Cericola
Ms. Cericola is a Staff Writer at Wirecutter, the product review site owned by The New York Times Company.
By connecting smart devices like lights,
cameras, door locks and thermostats to the Internet, you may be making
them — and you — visible to digital thieves or hackers.
“Every device connected to the Internet
is a target,” said Theresa Payton, a former White House chief
information officer and the founder and chief executive of Fortalice
Solutions. A few recent news stories also illustrate the power these
devices have.
One family’s living room Wi-Fi camera
was infiltrated, allowing someone to not only control the camera and spy
on them, but to broadcast sound — including a false report of a nuclear
missile attack. We’ve also seen domestic abusers tap into smart home
technology to intimidate and stalk former partners.
According to statistics website
Statista, there will be about 42 million smart homes by the end of 2019,
but little more than anecdotal evidence of security compromises. So
while stories about hacks and privacy breaches are indeed scary, so far
they’re also rare. The vast majority of smart home users aren’t getting
hacked.
Still, as with any internet-connected
device, taking precautions is essential. At Wirecutter, the New York
Times company that reviews products, we’ve consulted with a range of
experts who offered some tips that will go a long way toward protecting
you and your home — and don’t require a lot of time, money or technical
know-how. We’ve also done extensive testing of smart home devices and we
consider a product’s security measures as part of our evaluation
process.
Protect your network
One of the things that makes smart home
devices “smart” is their ability to connect to the internet over your
home’s Wi-Fi network. That’s why it’s essential that you properly secure
it. If you don’t protect your Wi-Fi network with a password, or you
only use the default password that came with your modem or router, all
of your devices are exposed — the digital equivalent of leaving your
front door wide open with a neon welcome sign overhead.
“People need to realize there’s actually
catalogs of all those default passwords on the internet,” Ms. Payton
said. Lock your network down with a password, one that is unique and not
shared with any other accounts you have. Ms. Payton also suggests
completely hiding your home network from view, an option in your
router’s settings menu. “So when somebody drives by, they think you
don’t have internet. They can’t see it,” she said.
You can add another layer of protection
by isolating your smart home devices from your computers and smartphones
using a guest network, a common option in many popular routers.
“That way, the devices will be sort of
quarantined by themselves,” said David Templeton, an information
security analyst at The New York Times. Doing this also makes it easier
to take devices offline without having to upset your entire network.
Use unique passwords for everything
Many people make the mistake of using
the same username and password combination on multiple devices or
accounts. If any one of those combinations is discovered — as happens a
lot, such as when giant companies like Facebook and Yahoo get hacked —
an enterprising thief could try them out on popular banking websites,
social networks, email providers and websites that allow control of
smart devices.
You need to use unique passwords for
everything — including shopping sites you visit, services you use, your
home network and of course, each of your smart home devices. Remembering
such an encyclopedia of passwords is functionally impossible, which is
why Mr. Templeton suggests using a password manager,
which not only creates unique passwords automatically but also keeps
track of them across all your devices. Wirecutter has suggestions for
the best ones to use here.
Stick with reputable brands
All of our security experts agree that
it’s best to pick smart devices from established brands. Those companies
have a reputation to protect, along with the infrastructure to back it
up.
That also means they likely have the
ability to employ better security measures when designing their
products, and unlike no-name brands or many start-ups, you can
reasonably expect them to release software patches and fixes if
vulnerabilities are discovered. And naturally, we recommend reading
good, high-quality reviews (and admittedly, we’re biased toward our own)
before making a purchase.
Secure your devices
There are a few additional ways to
further secure your smart devices. A number of companies now offer a
verification system to control access to devices, called two-factor
authentication. When you attempt to log into an app, a one-time-use code
is sent to another of your devices, which then needs to be entered in
the original app. It’s not perfect, but makes it virtually impossible
for someone unwanted to access your accounts.
Also, many manufacturers allow you to
opt into automatic hardware and software updates, something that will
ensure the latest fixes get installed to repair new security
vulnerabilities. Make sure you check the settings section of your
devices’ apps and your smartphone’s app marketplace for updates to
devices that don’t automatically do this.
Ms. Payton said she also reboots smart
home devices once a week as an added security measure. “That reboot will
actually make it grab any new security and privacy settings and
downloads when it reconnects to the internet,” she explained. However,
this is impractical for some devices, especially ones that are
hard-wired into your home like in-wall dimmers and smart thermostats.
Reset before you resell
Just because you’re ready to ditch a
device doesn’t mean it’s ready to forget you. After all, your Wi-Fi
password and other personal info is often stored on that camera, smart
plug or smart bulb. Before selling or recycling any device, be sure to
do a factory reset first. Some devices require a button-press on the
actual device, while others allow you to do it from the app. Either way,
make sure that your info is no longer available through the app.
If a device is broken and you’re unable
to wipe it clean, make sure it’s really broken and smash its components
to pieces. According to the United States Computer Emergency Readiness
Team, “Physical destruction of a device is the ultimate way to prevent
others from retrieving your information.”
I like to think about all those times a
device stopped working or disconnected from the network, and the idea of
whacking it with a hammer. Just make sure you don’t hurt yourself in
the process.
Whose responsibility is security?
There is mounting pressure on
manufacturers to adopt better security practices. “The industry should
be using strong encryption wherever possible, verifying firmware updates
and inviting security audits,” said Bennett Cyphers, a staff
technologist at the Electronic Frontier Foundation.
The E.F.F. and organizations like The
Digital Standard and the Mozilla Foundation are pressuring companies and
government bodies to put stronger security practices in place. But
everyone we spoke to agrees that, for now, consumers need to be
proactive about security.
“Honestly, given where we are and how
businesses think about security and privacy, the onus is on you. Nobody
can look out for your security and privacy like you can for you and your
family,” Ms. Payton said.
Link to the article: https://www.nytimes.com/2019/03/27/smarter-living/wirecutter/how-to-protect-your-smart-home-from-hackers.html
Related articles: https://towsonareacop.wordpress.com/2017/03/08/how-to-protect-your-home-from-burglaries-thieves-tell-all-today-com/
For further assistance in home security, click here for more: http://villaricalocksmith.net/
No comments:
Post a Comment