Hackable Holidays: 6 steps to protect your smart home from spies

This is the second part of WTOP’s consumer series Hackable Holidays, which explores privacy concerns associated with smart devices and how consumers can better protect themselves this holiday season.

WASHINGTON — Smart home devices, such as the Amazon Echo and Google Home, are some of the hottest holiday gifts this year. But if you aren’t savvy about security, it may be the hackers who are celebrating. Experts suggest consumers take six extra steps to secure themselves from a digital break-in.

The signs of a break-in used to be more obvious — a broken window or a tampered lock. But smart home technology is creating a pathway for hackers to access the personal information, even the daily habits of its owners, while avoiding detection.

“If you’re not careful with your smart gadgets, it basically creates an open door … the good news is it’s not that tough to sidestep or reduce the chances of becoming a victim,” said WTOP’s Data Doctor columnist Ken Colburn.

Whether it’s the Amazon Echo, Google Home or forthcoming Apple Homepod, each can be synced with other smart devices in a home, such as your lights, security system, even appliances — all parts of what’s known as the “internet of things.”

“Smart home electronics, keep in mind it’s a fairly new field … I think right now as these smart electronics are in their infancy, [consumers] are learning their vulnerabilities,” said Tracy Walraven, a forensic scientist in D.C.’s Department of Forensic Science Digital Evidence Unit.

It’s unlikely a hacker will turn off your smart refrigerator for the fun of it, but Walraven says an unsecured home network, or one with a password that’s easy to crack, would allow a hacker to learn a homeowner’s behavior. For example, when the thermostat is in vacation mode, where the home security cameras have blind spots and even a family’s topics of interest based on the questions the device answers.

New research conducted by Princeton University and published on the Federal Trade Commission’s website concludes, “the privacy concerns of owning many internet connected devices with always-on environmental sensors remain insufficiently addressed.”

Six steps to protect a smart home device from hacks:

1. Choose a more secure home Wi-Fi and give it an obscure name. The most widely used Wi-Fi security protocol, Wired Equivalent Privacy (WEP) is weak and easily compromised, tech experts at Tom’s Guide suggest. Switch to Wi-Fi Protected Access II (WPA2) protocol. Name it something far from obvious that has no connection to your username, password or address.
2. Use multifactor authentication and complete security updates. “The problem is that most people, when they have a DIY or do-it-yourself situation, you pull it out of the box and you get it to work. And then you didn’t continue to read the instructions on how to properly secure the device, or you really haven’t thought about it,” Colburn said. He suggests using a smart firewall to beef up network security in case you miss a step.
3. Install malware protection and consider a firewall. Malware protection is an extra layer of security software. While the wireless network may be secure, it’s not protected from various types of malware that can be transmitted via the internet. A smart monitoring system is worth considering, Colburn said. “This is much more sophisticated than a simple firewall. This is an actual monitoring system that will monitor every single device on your network and block known attempts to try to compromise the devices, but more importantly let you know when a device is doing something odd.” Colburn wrote more on smart firewalls on WTOP’s Data Doctors page.
4. Avoid public Wi-Fi. It is essentially the same as leaving your house unlocked. It basically creates another open door, Colburn said. While it may seem easier to link up to a nearby unsecured Wi-Fi, setting up even something as mundane as a garage door opener will allow an open door into your otherwise secure network.
5. Keep your devices on separate Wi-Fi from your computer. If your router can handle different SSIDs, use one network for a computer or tablet where a consumer does online banking and shopping and another for smart devices like an internet-connected thermostat or garage door opener. “You can create separate Wi-Fi networks in your home so that there’s actually what we refer to as an airwall, where the two networks can’t really talk to each other. It’s a little more complex than just setting up a regular network. It’s intermediate level stuff that most people with the help of a friend should be able to set it up,” Colburn said.
6. Change default usernames and passwords on devices.  Make sure to change the default factory setting which comes preloaded on new devices, suggests tech information site Tom’s Guide. Change each to something strong and complex and regularly change them. When possible, also change the default usernames, which hackers can easily search online. If not, “You made it easy for the hacker to compromise you or your device, therefore, you became a victim,” Colburn said. Also consider who has your Wi-Fi password, and change it often if you plan on giving it out to guests, he says.

If the smart home device is a gift, Walraven suggests having a conversation with the person using it about the importance of security.

“The best thing for consumers to do is be cognizant of the dangers of these devices and … just be aware of what they do. And if you’re giving them to somebody who may not be as tech-savvy, such as an older parent, explain to them those dangers,” Walraven said.

Colburn agreed but said he does not want to caution consumers away from smart home technology.

“These are wonderful things, you shouldn’t be afraid of it. It’s just like driving. You need to educate yourself about the best way to stay safe and if you do, you can go forward with a lot more confidence,” Colburn said.