Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

The smart home is often idealized as a domestic paradise — your fridge orders your groceries for you, your robot vacuum cleaner zooms from room to room, and changing the thermostat is as easy as pulling up an app on your phone. But beneath the surface of this always-on, seamlessly connected exterior, however, lie significant concerns about privacy and cybersecurity.

These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’. The TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures. Someone hacked this fictional smart home, forcing the character to leave. Was this scenario a case of art imitating life, or just some Hollywood script-writer’s daydream? Just how close to reality was it?

Too close to comfort, in fact.

In 2013, reporters at Forbes described how they were able to get remote control of a smart home, enabling them to manipulate lights and water services. University of Michigan researchers revealed flaws in Samsung’s SmartThings platform that let them set off smoke alarms and unlock doors. Check Point’s research team found vulnerabilities in a streaming TV device that would allow hackers to access and control any other home network connected to the device.

The adoption of “digital assistant” devices such as Amazon Echo and Google Home presents an emerging challenge for smart home cyber-security. 35 million Americans use a voice-activated digital assistant at least once a month, and these devices, with their always-on microphones and highly personal data, are an attractive target for cyber criminals.

Just recently, Check Point discovered a vulnerability in the LG Smart ThinQ platform that may have allowed hackers to gain control over various home appliances ranging from ovens & refrigerators to a home bot cleaner. See for yourself how easy it is for a hacker .

Security First, Not an Afterthought

In many cases, smart home devices and platforms are designed primarily for connectivity and user-friendliness, with security coming as an afterthought.

Generally speaking, many of the devices have limited processor and memory capacity, which makes securing them difficult. And once a vulnerability gets discovered, any patch that gets issued will probably not be pushed automatically to the device… leaving it open for exploitation.

And even when the device has security features built in, it’s often the user’s responsibility to implement those features. Whether that involves setting up data encryption, changing the passwords, or downloading the latest firmware version, it’s well-established that most users don’t take cyber hygiene seriously enough: a recent survey found that more than 50% of companies using smart devices do not change the default password after purchasing.
If there’s one thing that we’ve learned in over 20 years in the cyber security sector, it’s that whenever a new computing device is launched… someone, somewhere, will figure out how to hack into it.

Outsmarting your smart homes

The good news is that there are practical measures that you can (and should) take to better secure the smart devices and networks in your home against hacking and digital intrusion attempts.

Here are our five tips:

  1. Secure your wireless network
  • Make sure that your wireless network is protected by Wi-Fi protected access II (WPA2) and that you use a strong, complex password.
  • Give the network a unique name. Don’t make it obvious with your first or last name, or don’t use your phone number as your username or password either – that could be very easy to figure out and hack into.
  • Restrict the devices that can access your network, and never make it public.
  1. Create two separate Wi-Fi networks
  • Use one network for computers, tablets and smartphones which should be used for secure online banking and shopping. The second network should be used for smart devices. Separating these two will better protect your data.
  1. Keep your passwords strong
  • Make sure that the first thing you do when buying a smart home device is to immediately change the default password that it’s supplied with.
  • Change each password to be much more complex, and ensure it’s different than other passwords you’ve used.
  • Changing the username of devices is also recommended.
  1. Use a firewall to secure your home network
  • A firewall allows you to control and restrict incoming connections.
  • Smart devices include details about ports, network protocols and the IP address. Enabling a personal firewall will block unwanted traffic to specific ports, keeping you safer.
  1. Implement Firmware & Software updates
  • Check the manufacturer’s website if there is any firmware or software updates available. If so, apply them. Having an up-to-date software or firmware version will reduce the likelihood of an attack which is based on an old exploit.