How Can You Protect Your In-home IoT Devices from Hacking?
This article was published on Thomas.
You’ve just sat down on the couch with a glass of wine after settling your children for the night, safe in the knowledge that you can monitor them via the smart security camera you’ve installed in their bedroom. Without warning, a stranger’s voice booms through the camera’s speaker, taunting your terrified children and guaranteeing they’ll never sleep soundly in that bedroom again. Is this really the enhanced security system you signed up for?
In recent months, an increasing number of home smart devices have fallen victim to hackers. In the U.S., every 39 seconds someone's device or account is hacked, affecting a third of Americans each year.
Ring, an Amazon-owned company, has developed a range of smart home security devices equipped with motion sensors including video doorbells, security cameras, and alarms. Users can monitor their home via smartphone, tablet, or PC and are instantly alerted when an intruder is detected. Smart security systems like Ring are designed to put customers at ease, working alongside virtual AI assistant Alexa and providing optional 24/7 professional monitoring.
But in an ironic turn of events, the company came under fire after a series of hacks this past December left customers alarmed and upset. Hackers live-streamed themselves gaining access to Ring devices, frightening children, and making violent threats and racist comments.
Ring has assured its customers that the attacks are a result of individual hacks using customer details obtained through other data breaches and not a breach of Ring’s own database. This form of hacking, called credential stuffing, involves hackers accessing accounts by using a list of compromised login details.
Once access is gained, the hacker can view a camera’s output in real-time and use any of the device’s additional features including voice chatting and alarms. Whether or not Ring is to blame is up for dispute, but customers are understandably outraged leading to one Alabama-based man taking legal action claiming the security systems are fatally flawed.
Unfortunately, all IoT home devices can be hacked as easily as any website or computer, and the fact that most are connected via consumer-grade home routers makes them all the more susceptible to an attack.
Should Smart Security Providers Do More to Protect Consumers?
Critics of Ring have argued that the company shouldn’t be placing blame or responsibility on its users and could be doing more to prioritize customer security. One study found that under a third of Americans use two-factor authentication and over 50% haven’t even heard of it, which arguably makes smart-device providers responsible to keep their customers safe.
Ring has yet to require two-step security authentication on its devices, perhaps because adding an additional step is considered inconvenient. This security feature would require all users to submit an extra step before gaining access to their smart device account.
Additional security measures might include requiring device owners to authorize new users before they are granted access and tracking unusual behaviors such as multiple login attempts or logins from unfamiliar locations.
How Can Customers Keep Themselves Safe?
In light of these recent hacks, smart device owners should take extra precautions to protect themselves from hackers. Here are five tips for staying safe.
1. Use secure passwords – It’s important to change your password regularly and choose something unique (that doesn’t match login details for other accounts). It’s most secure to use passphrases, which are trickier for hackers to guess.
2. Choose security over convenience – If two-step authentication is an option, use it!
3. Understand your IoT vulnerabilities – Outdoor smart devices, such as doorbells and garage door alarms, are the most susceptible whereas home appliances like ovens or refrigerators are much less likely to be. Do your research before buying any smart device for your home, consider its necessity and weigh the security risks.
4. Create a unique Wi-Fi network – Most routers will allow users to create several networks with individual names and passwords. This means that if a hacker succeeds in accessing an IoT device, they won’t gain access to information or data stored elsewhere. It’s also worth creating a guest network for visitors.
5. Register devices and update software – Register all new devices to ensure you’re notified of software updates that address bugs and security issues. When you install your device, be mindful of what permissions you are consenting to.
The consistent security issues associated with smart home devices like Ring are likely to impact consumer adoption and trust. Indeed, a 2019 survey from Consumers International and the Internet Society revealed that 25% of consumers refuse to purchase a smart device as a result of security concerns.