by Zac Amos
Smart home devices have become highly popular in a relatively short period. While this proliferation of connected gadgets is convenient, it also introduces significant security risks.
Connected refrigerators and lightbulbs don’t stand out as inherently dangerous to most people — and that’s part of the problem.
Because these devices seem innocuous, their vulnerabilities are easy to overlook. As smart homes become more popular, the risks will only grow.
Education is the first step in addressing these threats, so here’s how some of the most popular and surprising smart home devices can be risky.
1. Smart Speakers
Smart speakers like Amazon Echos or Google Nest Hubs are often the centerpiece of a smart home. That makes them ideal targets for cybercriminals trying to access data or control other devices on the same network.
Because smart speakers can control other smart devices, cybercriminals who hack into them can take over the entire smart home through one endpoint.
These devices’ multifunctionality also poses a risk. Many have microphones hackers can use to spy on users, and some feature motion-tracking and recognition software criminals can use to track residents throughout their homes.
One security researcher found they could use voice commands on a speaker after hacking into it. That can allow attackers to make online purchases, unlock some vehicles, open smart locks or deactivate connected security systems.
2. Video Doorbells
Video doorbells are another popular but vulnerable smart home device. It may also be easier to miss these endpoints’ vulnerabilities because they’re supposed to make homes more secure, not less.
Hackers who breach video doorbells’ typically minimal built-in protections can take over their cameras, microphones and motion detectors.
From there, they could deactivate these features to leave the home vulnerable to a physical break-in. Alternatively, they could spy on residents through the camera and microphone to see when they’re not home or verbally harass them.
In 2022, two men accessed dozens of smart doorbells to livestream swatting attacks, where attackers fraudulently call emergency responders to an unsuspecting victim’s home.
They only needed an email address and password to get into the cameras. The information was relatively easy to find because many users reused breached credentials across multiple sites.
3. Smart Thermostats
Cybercriminals can also break into smart thermostats relatively easily. These devices often have weak default security settings, including features that automatically connect to other endpoints on the network. Because home Wi-Fi is one of the easiest entry points into a network, attackers can infiltrate the Wi-Fi and then move into the thermostat.
Access to a smart thermostat lets attackers adjust a home’s temperature to uncomfortable levels. In addition to affecting residents’ comfort, excessive heat or cold could affect the house’s HVAC systems or appliances, leading to costly repairs.
In one attack in 2019, hackers turned a thermostat to 90° Fahrenheit before infecting other endpoints to terrorize homeowners. The victims could only stop the attack after changing their network ID.
4. Smart TVs
Another seemingly harmless device that can cause significant damage is a smart TV. Almost all TVs from the most popular manufacturers today have some smart features. That’s great for convenience but troubling for security.
If a smart TV is on the same network as other unsecured IoT devices, cybercriminals could use it as an entry point to more sensitive data and endpoints. Even if they stay within the TV, they can gather more data than some might expect.
In 2017, the FTC fined Vizio for collecting smart TV users’ viewing history for targeted advertising. Hackers could gather the same information to inform spear phishing attacks or learn more about a user to get past passwords and security questions more effectively. Some smart TVs also have microphones, which cybercriminals could use to eavesdrop on users.
5. Robot Vacuums
Even robotic vacuum cleaners can pose a risk to homeowners’ cybersecurity. Roombas may not seem like they can cause much harm at first, so many users won’t think twice about securing them. However, research shows cybercriminals can eavesdrop through these seemingly harmless devices.
Scientists discovered they could use lidar sensors as microphones after remotely accessing a robot vacuum. These laser systems help the robots navigate, but hackers can redirect them to measure vibrations on nearby surfaces. Deep learning algorithms can then translate these vibrations into sound data.
While these attacks are complex, hackers with the appropriate technical knowledge could use them to spy on users without a conventional microphone. As deep learning becomes more accurate and accessible, these attacks will become easier, making them more common.
How to Secure Smart Home Devices
These smart home device vulnerabilities are concerning, but it’s possible to secure them. Attacks against these endpoints vary, but they all start similarly, so the same basic security controls apply to all IoT devices.
Security starts with shopping for gadgets with better built-in protections. Government regulators are working on a cybersecurity labeling program where devices that meet security standards can show a seal of approval, so future consumers should look for these labels. Until that program takes effect, users can read reviews and look at individual devices’ security features to judge their safety.
Only use devices with features like multi-factor authentication and data encryption. Keep in mind that some electronics ship with these settings off by default, so it’s important to double-check and enable them if they’re not already on.
Keeping smart home devices on a separate network from computers and phones is also a good idea. This separation will minimize attacks where criminals jump from device to device, as they can with smart speakers or Wi-Fi routers. Finally, smart home users should turn on automatic updates on all their devices to keep them secure.
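The checks described above can be run over a household device inventory. The following is an added example, not part of the original article: the device names, addresses, network ranges and field names are all constructed for illustration.

```python
"""Audit a home inventory: segmentation, MFA, encryption, automatic updates."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Device:
    name: str
    ip: str
    kind: str                 # "iot" or "trusted" (computers, phones)
    mfa: bool = False
    encryption: bool = False
    auto_update: bool = False

# Constructed sample data: main LAN plus a separate IoT network.
NETWORKS = ["192.168.1.0/24", "192.168.20.0/24"]
INVENTORY = [
    Device("laptop", "192.168.1.10", "trusted"),
    Device("phone", "192.168.1.11", "trusted"),
    Device("smart-speaker", "192.168.1.50", "iot", True, True, True),
    Device("video-doorbell", "192.168.20.5", "iot", False, True, True),
    Device("robot-vacuum", "192.168.20.6", "iot", True, True, False),
    Device("smart-tv", "10.0.0.9", "iot", True, True, True),
]
CHECKS = (("mfa", "multi-factor authentication off"),
          ("encryption", "data encryption off"),
          ("auto_update", "automatic updates off"))

def audit(devices, networks):
    """Return sorted (device, finding) pairs for every IoT device."""
    nets = [ip_network(n) for n in networks]

    def segment(dev):
        addr = ip_address(dev.ip)
        return next((n for n in nets if addr in n), None)

    # Networks that hold computers or phones: IoT devices should not be here.
    trusted_segments = {segment(d) for d in devices if d.kind == "trusted"}
    findings = []
    for d in (x for x in devices if x.kind == "iot"):
        seg = segment(d)
        if seg is None:
            findings.append((d.name, "address outside every known network"))
        elif seg in trusted_segments:
            findings.append((d.name, f"shares {seg} with computers/phones"))
        findings += [(d.name, msg) for flag, msg in CHECKS if not getattr(d, flag)]
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, NETWORKS):
        print(f"{name}: {finding}")
```

Separate address ranges only show that the split exists; the router or firewall still has to block connections initiated from the IoT network toward the main one.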
Smart Home Devices Are Vulnerable But Defensible
Smart home devices seem innocent initially, but the more popular they become, the more dangerous they can be. Cybercriminals have already started targeting these endpoints, so users must take security seriously.
These vulnerabilities are too common and cybercriminals are too crafty for homeowners to assume anything is ever completely safe.
If users understand these risks and follow these recommendations, they can use their smart homes safely. Convenience doesn’t have to come at the expense of security.
