{"id":25661,"date":"2023-03-13T06:14:18","date_gmt":"2023-03-13T06:14:18","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-secure-smart-home\/25661\/"},"modified":"2023-03-13T06:14:18","modified_gmt":"2023-03-13T06:14:18","slug":"how-to-secure-smart-home","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-secure-smart-home\/25661\/","title":{"rendered":"How to secure your smart home"},"content":{"rendered":"<p>Intelligent features and internet connectivity are built into most television sets, baby monitors, and many other digital devices these days. Whether or not you use these smart features, smart devices create security risks that you should know about and take steps to protect yourself against. And if you\u2019re using plenty of the features of your smart home, securing its components is all the more critical. We\u2019ve already published a <a href=\"https:\/\/www.kaspersky.com\/blog\/smart-home-zigbee-thread-matter-advice\/47343\/\" target=\"_blank\" rel=\"noopener nofollow\">separate article on planning a smart home<\/a>, so here we\u2019ll be focusing on security.<\/p>\n<h2>The biggest smart home risks<\/h2>\n<p>Networked home appliances create several essentially different types of risk:<\/p>\n<ul>\n<li>The devices <strong>share lots of data with the vendor<\/strong> on a regular basis. For example, your smart television is capable of identifying the content you\u2019re watching \u2014 even if it\u2019s on a flash drive or external player. Certain vendors <a href=\"https:\/\/www.theverge.com\/2021\/11\/10\/22773073\/vizio-acr-advertising-inscape-data-privacy-q3-2021\" target=\"_blank\" rel=\"nofollow noopener\">make big bucks<\/a> by spying on their customers. 
Even less sophisticated appliances, such as smart washing machines, collect and share data with their vendors.<\/li>\n<li>If your smart device is protected with a weak password, and still runs on its factory settings, which no one has changed, or contains operating system <a href=\"https:\/\/www.kaspersky.com\/blog\/exploit\/2027\/\" target=\"_blank\" rel=\"noopener nofollow\">vulnerabilities<\/a>, <strong>hackers<\/strong> can <strong>hijack<\/strong> the device. The consequences of this vary by device type. A smart washing machine can be shut down in the middle of a wash cycle as a kind of prank, whereas baby monitors can be abused for spying on the inhabitants of the house and <a href=\"https:\/\/whdh.com\/news\/take-your-clothes-off-hacker-uses-security-system-to-talk-to-nanny-children-inside-home\/\" target=\"_blank\" rel=\"nofollow noopener\">even scaring them<\/a>. A fully-featured smart home is susceptible to scenarios that are downright nasty \u2014 such as <a href=\"https:\/\/www.kaspersky.com\/blog\/hacking-things\/27431\/\" target=\"_blank\" rel=\"noopener nofollow\">a blackout or heating shutdown<\/a>.<\/li>\n<li>A hijacked smart device can be infected with malicious code and used for launching cyberattacks both on computers on the home network and devices on the broader Web. Powerful <a href=\"https:\/\/www.kaspersky.com\/blog\/ddos-broken-apart-when-they-all-start-shouting-at-once\/2231\/\" target=\"_blank\" rel=\"noopener nofollow\">DDoS attacks<\/a> are known to have been launched entirely from <a href=\"https:\/\/arstechnica.com\/information-technology\/2016\/10\/double-dip-internet-of-things-botnet-attack-felt-across-the-internet\/\" target=\"_blank\" rel=\"nofollow noopener\">infected surveillance cameras<\/a>. 
The owner of the infected gadget risks seeing their internet connection choked and getting onto various blacklists.<\/li>\n<li>If the level of security implemented by the vendor is insufficient, the data sent by the device can be found and published. Surveillance and peephole camera footage is sometimes stored in poorly protected cloud environments \u2014 <a href=\"https:\/\/www.kaspersky.com\/blog\/ip-cameras-unsecurity-eufy\/46574\/\" target=\"_blank\" rel=\"noopener nofollow\">free for anyone to watch<\/a>.<\/li>\n<\/ul>\n<p>Luckily for you, none of these horrors has to befall you \u2014 the risks can be significantly lessened.<\/p>\n<h2>What if you don\u2019t need your home to be smart?<\/h2>\n<p>An unutilized smart home is a fairly common situation. According to <a href=\"https:\/\/arstechnica.com\/gadgets\/2023\/01\/half-of-smart-appliances-remain-disconnected-from-internet-makers-lament\/\" target=\"_blank\" rel=\"nofollow noopener\">appliance vendor statistics<\/a>, half of all IoT devices never see a network connection. The owners use them in the old-fashioned non-smart mode, without management via a mobile app or any of the other twenty-first-century luxuries. However, even a non-configured device like that produces security risks. It\u2019s quite likely that it exposes a freely accessible, unsecured Wi-Fi access point or tries to connect to nearby phones via Bluetooth every now and then. In that case, someone, such as your neighbors, could assume control. Therefore, the minimum you need to do to \u201cdumb down\u201d your smart home appliances is review the user manual, open the settings, and turn off both Wi-Fi and Bluetooth connectivity.<\/p>\n<p>There are devices that won\u2019t let you do this or will turn Wi-Fi back on after a power interruption. This can be fixed with a trick that\u2019s a bit challenging but gets the job done: changing your home Wi-Fi password temporarily, connecting the misbehaving device, and then changing the password again. 
The device will keep trying to connect using the invalid password, but it will be impossible to hack it by abusing the default settings.<\/p>\n<h2>General advice<\/h2>\n<p>Regardless of whether <a href=\"https:\/\/www.kaspersky.com\/blog\/smart-home-zigbee-thread-matter-advice\/47343\/\" target=\"_blank\" rel=\"noopener nofollow\">your smart home is centrally managed or composed of mismatched devices not connected to one another<\/a>, it still needs basic security.<\/p>\n<ul>\n<li><strong>Make sure your Wi-Fi router is secured.<\/strong> Remember that your router is a part of the smart home system too. We\u2019ve published several detailed guides to <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-protect-wifi-from-neighbors\/39039\/\" target=\"_blank\" rel=\"noopener nofollow\">securing a home Wi-Fi system<\/a> and <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-home-wifi\/13371\/\" target=\"_blank\" rel=\"noopener nofollow\">configuring a router properly<\/a>. The only thing we\u2019d like to add is that home-router firmware is often found to contain vulnerabilities that are exploited for attacking home networks, so the set-and-forget approach doesn\u2019t work here. Firmware updates need to be checked on a regular basis. Quality routers let you update their firmware right from the web interface management panel. If that\u2019s not the case for you, visit the vendor\u2019s website or contact your internet service provider to obtain a newer version of the firmware and follow the appropriate guide to install it. To wrap up this router adventure, check that the ability to manage the router from outside the home network is disabled in the settings. 
ISP employees may need it for troubleshooting sometimes, but it\u2019s often turned on when it\u2019s not needed, thus increasing cybersecurity risks.<\/li>\n<li><strong>Check your network regularly to make sure there are no unauthorized devices connected to it.<\/strong> The handiest way to do this is by using a dedicated app. <a href=\"https:\/\/www.kaspersky.co.uk\/premium?icid=gb_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a> can display a list of all devices connected to the network, and often also their vendors and protection status where available. It\u2019s important that you keep track of your devices and remove extraneous ones, such as a refrigerator, which has no real need for a Wi-Fi connection \u2014 or a neighbor who hooked up to free Wi-Fi.<\/li>\n<li><strong>Consider vendor reputation when purchasing a gadget.<\/strong> Every vendor suffers from vulnerabilities and defects, but while some are quick to fix their bugs and release updates, others will keep denying there\u2019s a problem for as long as they can. According to a Kaspersky <a href=\"https:\/\/www.kaspersky.com\/blog\/iot-survey-report-2023\/\" target=\"_blank\" rel=\"noopener nofollow\">survey<\/a>, 34% of users believe that choosing a trusted vendor is all that it takes to have a secure smart home. While that certainly lowers the risks, staying secure still requires other steps as well.<\/li>\n<\/ul>\n<h2>What if your smart home is built on Wi-Fi?<\/h2>\n<p>Do you have a bunch of smart devices that aren\u2019t connected to one another, or are joined up with the help of Amazon Alexa or Apple HomeKit? In that case, each device independently connects to the internet through Wi-Fi. This is the most complex scenario from a security standpoint, as the passwords, firmware, and vulnerabilities need to be tracked for each device individually. 
Unfortunately, setup details vary greatly between device types and vendors, so we have to limit ourselves to general recommendations.<\/p>\n<ul>\n<li><strong>Set up a<\/strong> <a href=\"https:\/\/www.kaspersky.com\/blog\/guest-wifi\/23843\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>guest Wi-Fi network<\/strong><\/a><strong>.<\/strong> Professionals call this \u201cnetwork segmentation\u201d. Ideally, your home network should be split into three segments: home computers, guest devices, and smart home appliances. Many routers are not capable of such miracles, but you should at least have two segments: one for home devices and one for guests. This will keep visitors from reconfiguring your cameras and starting up the robot vacuum just for fun. It goes without saying that the segments must be secured with different Wi-Fi passwords, and the guest segment should have stricter security settings \u2014 such as client isolation, bandwidth limits, and so on. Confining IoT devices to a separate segment reduces associated risks. A hacker wouldn\u2019t be able to attack a home computer from a hijacked IP camera. The reverse is true as well: an infected home computer wouldn\u2019t be able to access a video camera. Open the router\u2019s web-based management interface and review the Wi-Fi settings to follow this tip. If some of your appliances are connected via a cable, make sure that they\u2019re located in the correct network segments by checking the other sections of the router settings.<\/li>\n<li><strong>Set strong passwords.<\/strong> Open the settings for <em>each<\/em> device. This can sometimes be done through an official mobile app, and sometimes through a web interface. Set a long, <em>unique<\/em> password for each device by following the user manual. You can\u2019t use the same password for all devices! 
To keep your ducks in a row, use a <a href=\"https:\/\/www.kaspersky.com\/blog\/how-secure-is-your-password-manager\/47034\/\" target=\"_blank\" rel=\"noopener nofollow\">password manager<\/a>. By the way, one is included with <a href=\"https:\/\/www.kaspersky.co.uk\/premium?icid=gb_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>, and it\u2019s also available as a <a href=\"https:\/\/www.kaspersky.co.uk\/password-manager?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">standalone app<\/a>.<\/li>\n<li><strong>Update the firmware.<\/strong> Do this for each of your devices that support firmware updates via an app or web interface, and repeat regularly.<\/li>\n<li><strong>Check the online service settings.<\/strong> The same device may be able to operate in different modes \u2014 sending different amounts of information via the internet. For example, a robot vacuum cleaner may be allowed to <a href=\"https:\/\/www.kaspersky.com\/blog\/robot-vacuum-privacy\/46682\/\" target=\"_blank\" rel=\"noopener nofollow\">upload a detailed cleanup pattern to the server<\/a> \u2014 which means a map of your home \u2014 or it may not. A video peephole may be allowed to save to the server each photo or video of a visitor approaching your door that it identifies using a motion sensor, or it may just be allowed to display these when you press the button. Keep from overloading the vendor cloud storage with unneeded information: disable unused features. 
And it\u2019s better not to send to the server something that can be excluded from sharing without compromising the utility of the device.<\/li>\n<li><strong>Follow updates on the vendors of devices you use.<\/strong> Sometimes, IoT devices are found to contain critical vulnerabilities or other issues, and their owners need to take action: update the firmware, enable or disable a certain feature, reset the password, delete an old cloud backup\u2026 Conscientious vendors typically maintain a section on their website where they publish security recommendations and newsletters, but these are often written in complex language and contain information on many devices that aren\u2019t relevant to you. Therefore, it\u2019s better to check for news about your devices from time to time and visit the official website if you find something alarming.<\/li>\n<\/ul>\n<h2>What if your smart home is centrally managed?<\/h2>\n<p>If your smart home is a centralized system, with most of the devices controlled by a hub, this makes the owner\u2019s task somewhat easier. All of the above steps, such as setting a strong password, regularly updating the firmware and so on, mostly need to be performed on one device: the smart home controller. Enable <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/3906\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> on the controller if possible.<\/p>\n<p>We also recommend limiting internet access on the controller, for example by restricting data sharing with any computer except for vendor servers and devices on the home network. This can be done in the home-router settings. Some controllers are capable of functioning without any internet connection at all. If managing your smart home remotely isn\u2019t critical for you, disconnecting the hub from the internet is a powerful security measure. 
This is no cure-all, as <a href=\"https:\/\/www.techradar.com\/news\/this-router-is-vulnerable-to-fake-updates-and-cross-site-scripting-attacks\" target=\"_blank\" rel=\"nofollow noopener\">complex, multi-stage attacks will remain a threat<\/a>, but at least the most common-or-garden attacks will be prevented.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you want your smart home to do more good than harm, you should configure it correctly and secure it adequately. We review smart-home security in detail.<\/p>\n","protected":false},"author":2722,"featured_media":25662,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1623,2026,9],"tags":[2672,1057,770,187,43,97,638,321,174],"class_list":{"0":"post-25661","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"category-threats","9":"category-tips","10":"tag-tips","11":"tag-ddos","12":"tag-iot","13":"tag-passwords","14":"tag-privacy","15":"tag-security-2","16":"tag-smart-home","17":"tag-technology","18":"tag-wi-fi"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-secure-smart-home\/25661\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-to-secure-smart-home\/25372\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-to-secure-smart-home\/20811\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/how-to-secure-smart-home\/27978\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/how-to-secure-smart-home\/26098\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/how-to-secure-smart-home\/28543\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-secure-smart-home\/34849\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.
com\/blog\/how-to-secure-smart-home\/47472\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/how-to-secure-smart-home\/20319\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/how-to-secure-smart-home\/20940\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/how-to-secure-smart-home\/29911\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-secure-smart-home\/25967\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-to-secure-smart-home\/31681\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-to-secure-smart-home\/31386\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/smart-home\/","name":"smart home"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/25661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=25661"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/25661\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/25662"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=25661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=25661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=25661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}