Armor's Guide to Home Automation: 6 security measures you need to know about IoT

Tim Travis - Device Technician and Engineering Tech
IoT

For the past five years, we have become surrounded by hundreds of different internet-connected devices: from smart door locks, smart switches, and smart light bulbs, to smart speakers, smart security cameras, smart thermostats, and smart smoke detectors. This revolution, known as the "Internet of Things" or "IoT," has transformed the way we conduct our daily lives and chances are you have already been gifted, bought, or received a smart device as part of a promotion. Terms like "Alexa," "Hey Google," and "Siri" are already household names. So what do you stand to learn from Armor about IoT? We hope to give you the tools and knowledge necessary to make informed decisions about your digital lifestyle, privacy, and home security. IoT promises limitless potential for automating out the menial tasks of home living; however, Home Automation could leave you and millions of others exposed to malicious attacks.

Although the Internet of Things has made it easier than ever for a savvy home DIY enthusiast to set up automated actions and smartphone-controlled rooms and appliances, there are also some data collection and internet connectivity policies that should give the average user some caution before immediately buying and setting up their own smart home. The following points are some of the best security practices when configuring your Home Automation.

Use and understand your network equipment

Use and understand your network equipment

All-too-often, residents put themselves at the mercy of their internet provider for their network security, whether it be an ISP-supplied modem with built-in WiFi or default credentials on a leased router. Having equipment labeled clearly with their login credentials is a security risk, and chances are the average user has not changed their WiFi password or router login information to something other than the default. Even in cases of buying their own Internet Access Points, users may be entirely unaware that their WiFi is unsecured with no password and security protocol until it is too late and their data is either stolen or they find themselves locked out of using their own internet connection.

Your smartphone has become more valuable than ever—protect it

Your smartphone has become more valuable than ever—protect it

The very first step to keeping your smartphone and related Smart Home controls safe from tampering and malicious use is to lock it with a passcode, pattern, or password. Any biometric locks such as facial scans or fingerprints should always be thought of as more of a convenience than a secure way to lock your device.The next point deals more with your accounts that you will be using on your smartphone.

Keep your account passwords somewhere safe—store physical contingencies

Keep your account passwords somewhere safe—store physical contingencies

Google and many different services offer "backup codes" when your phone or account has been compromised and your 2-factor authentication has been hijacked or stolen. These "backup codes" are usually a set of a dozen or more strings of text and numbers that are to be printed out and stored in a secure physical location and only used for security emergencies. Having these codes prepared and ready is a great step towards thwarting any additional damage from a security breach.

As for individual smart home device accounts, try to use a pseudo-randomly generated password that is different for each account and have them written and stored somewhere safe.

Keep your backdoors closed

firewalla

Many cheap Chinese-knockoff or unusually affordable Home Automation gadgets come with "backdoors" or security holes that accept an unchangeable master password or direct connection to their parent company, despite your firewall settings. Many users were even mocked and taunted by their own IP cameras, in one case, when such a backdoor was exploited by hackers.

Luckily, you do not need advanced training in networking to keep your network safe from unauthorized traffic escaping. One device, called "firewalla," detects malicious incoming and outgoing traffic, including spammers and ads, and blocks it from reading its intended target or recipient. Even an ad-blocking network hub such as a DIY "Pi-Hole" is well within the ability of the average tech-savvy user to create and configure.

Know that your "Privacy" is no longer truly "Private"

Know that your "Privacy" is no longer truly "Private"

When you agree to the terms and conditions of your Alexa, Siri, or Google Nest device, you have authorized their parent company to retain recordings of your voice, commands, and conversations with your device for targeted ads and product recommendations, AI training of voice recognition, and other related corporate research. Be careful to place your smart speakers (all of which contain a microphone) in areas that you are comfortable having your activities or conversations recorded, even if the audio will be anonymously analyzed by a corporate third-party or data-mining firm. Remember, all of these devices have a Mute button for added security.

Understand physical fire and home hazards

Understand physical fire and home hazards

Since much of this technology is being integrated into appliances such as ovens, refrigerators, coffee machines, and dishwashers, understand that each convenience comes with its own set of risks. Essentially, we consumers are "Beta-Testers" for much of this new technology and need to be prepared to accept the physical risks that come with sending diagnostic data back to devise vendors. For example, many Smart Oven users experienced their ovens were operational during times of disuse and during the night. Other possibilities are a dishwasher flooding a kitchen from overflowing, a refrigerator freezing food, or a coffee machine heater failing to turn off within the allotted time. Would you be comfortable with these unexpected device behaviors? And what countermeasures would you have?

If you indeed desire or own a smart device with commercial-grade heaters, motors, or water pumps, make sure to have leak detectors, smoke alarms, and perhaps a wired line to your local fire department to ensure a hardware malfunction does not lead to a catastrophe. Balance your risk with countermeasures that fit your needs.

Wrapping Things Up

Despite how much of the above advice may sound discouraging or terrifying, understand that Armor has your best interest in mind and wants you to be prepared for tomorrow's technological hazards today. We specialize in home installations and commercial installation services, so if you have any reluctance at all or want use to consult for a potential Home Automation setup, feel free to email us, give us a call, or reach out to us on Facebook. Even if you are already comfortable with your current array of smart devices, we can offer you greater security, peace of mind, and over-the-phone or remote support for your home or business. And if you find yourself technologically challenged but enthusiastic, we are ready to make your IoT dreams a reality by setting up everything from networking to smartphone app configuration.