Over the past 10 years, smart home devices such as Amazon Echo, Google Home and Nest thermostat have made their way into many American homes.
In fact, as of 2021, over 258.54 million households worldwide have at least one smart home device, also known as an internet of things device, in their home, according to data from Statista.
However, recent large-scale cyberattacks on both Colonial Pipeline and JBS have some questioning whether the devices they have placed in their own homes are safe.
Richard Warner, the founder of the cybersecurity newsletter Aware Force, said the real concern relates to older smart home devices.
“The older ones were manufactured before there were standards,” Warner said. “The real motivator for creating the earlier devices was to make it cheap … security was not really something that was top of mind.”
Warner said if you are buying an IoT device now, you should not be concerned about being vulnerable to hackers, especially if the device is from a reputable manufacturer such as Amazon, Google, Apple or Nest.
Bryson Payne, director of the Center for Cyber Operations Education at the University of North Georgia said there are two things you can do to increase the security of your IoT devices.
The first step is changing any passwords associated with these devices to a custom password. Payne said most hackers will first lookup the instruction manual of the device they are trying to compromise, and then attempt to access it using the default password.
The second step to take to keep an IoT device secure is to enable automatic updates. According to Payne, these updates typically include security patches that aim to remove vulnerabilities that hackers would otherwise be able to exploit.
Warner said you should also change the default password on your WiFi router. While not necessarily an IoT device, most, if not all IoT devices will connect to the router for the internet. If a third party can easily access your router, that could leave your whole network of devices vulnerable.
If you are interested in learning about your home devices and whether they are considered vulnerable or secure, Warner recommended visiting PrivacyNotIncluded.com. The website, which is run by the Mozilla Foundation, has a list of the most common IoT devices and information on how secure they are.
Payne said even with all of this in mind, there are still real-world examples of hacks on common household devices.
“Just a few years ago, the Mirai Botnet … that was smart DVRs, there were somewhere between 100,000 and 400,000 of those devices that were able to take down Facebook and Twitter,” Payne said.
While it may not seem like much, even a DVR has a small computer running in it, which can run a computer program.
“That’s all that a hacker really needs,” Payne said.
Payne said typically if a hacker gets into a smart home device, they can either spy on other devices on your network, or incorporate that device into a large botnet, as seen in the Mirai Botnet example.
However, Payne said assuming you are following the steps he suggested, your devices should be secure and safe from malicious third parties.
