Is Your Smart Home Safe?


Look Past The Obvious
I know there is a lot of general advice about security that is available.  Hopefully you know some of the basics about avoiding viruses and malware on your computer and not replying to that Nigerian prince looking for your help to move millions of dollars that are “stuck” in an account overseas.

Besides the login to your email, your computer, and your online bank accounts or other financial transactions, when you have a smart home there are many other security risks to consider.

Why Smart Home Security Is Unique
Home automation involves a lot of moving parts.  Unlike general purpose computing where you are probably spending most of your time using email, surfing the web, or interacting on social networks with a few apps, a smart home is much more complicated under the hood.

Common smart home devices such as thermostats, lighting systems, and entertainment systems actually consist of much more than the actual hardware you have purchased and plugged in.

Every smart home device is part of a larger environment that may include hubs, controllers, gateways, and/or remote access systems.  Each of these components has its own security considerations.

Whether included free of charge or as an optional paid subscription, many smart home devices operate with an ongoing service.  The device may “phone home” to a centralized Internet server for basic operation or may communicate with the server periodically to verify logins, serial numbers, or other authentication.

All of this communication with other servers and systems happens “under the covers” - much like an iceberg, a lot of what you don’t see is more important than what you do.


Start With The Basics
The first step in securing your smart home is to review the accounts and passwords used by all your devices.  Check each device or service and make sure you are not using a default login account name or password. 

Although manufacturers have improved their products in the last few years, there are still a lot of devices that ship with a standard username and password that anyone can find with a quick Google search.

Here’s a helpful tip - create a special email account just to use for all your device logins instead of using your regular email account.  This isn’t required, and might seem a bit more complicated at first, but it actually makes everything a lot easier.

If you need to give temporary access to someone else (someone in tech support, your dealer, installer, or even a helpful friend), you limit your exposure by not giving them your primary email account that you use for many other things.

It also helps when you eventually move and sell your home.  You can simply give the email account to the new owner instead of frantically running around trying to reset dozens of devices, logins, and passwords.

Resist the urge to name the new email with your street address.  Creating 123mainstreet@gmail.com or Macy.W34thSt.NYC@gmail.com might seem cute, but why include information in the email that makes it easier to figure out where you live?


Use Recommended Password Hygiene
All the existing security advice about passwords applies here.  I hope you are already familiar with and follow these recommended procedures:

Use random, complicated passwords - Do not use common names, or personal info like date of birth, children’s names, etc.
Use 2 factor authentication whenever and wherever it is supported
Use a different password for each login - do not re-use the same password even 1 time

I advise all my clients to use a password manager.  This is a software application like 1Password or LastPass that gives you a safe and secure way to keep track of all your passwords and login information.  You only have to remember one complex password and the software handles the rest.

I strongly recommend using a password manager application and not relying on the built-in limited password handling capability of your web browser (Safari, Chrome, or Internet Explorer).  A password manager is much more secure and because it runs on everything (smartphones, tablets, Mac computers, and Windows PCs) you can rely on it everywhere.


Put Away The Toys You Are Not Using
Most products today can do a lot of things.  They obviously do the things you want (that’s why you bought them), but they can also do a lot of other things you may not care about or even know about.

Turn off all the features you are not using right now.  Even if you plan to use some capabilities in the future, leave them turned off until you are ready.  The less stuff you have turned on, the less likely something is mis-configured or left with a default setup.

It’s really common sense, but something we all overlook.  This is especially true now that a lot more smart home devices support multiple systems - systems that you might not own or be using.

Many products can support HomeKit, Google Home, and Amazon Alexa simultaneously, but most homes are not using all of these systems.

If you are using Apple’s HomeKit and Siri for voice control, then make sure the support for Google Home and Alexa is turned off.

If you can’t turn off all the features you don’t want or need, check whether those features are controlled by logins or passwords.  If they are, make sure you have set the passwords and turned off as many options as you can.


All Politics Is Local - But Not Smart Devices!
Remote access is so convenient many products have it enabled by default.  Forgot to shut the garage door?  Want to turn on some lights before you get home?  Warm or cool the house from afar?  Remote access to your smart home devices or control systems is the answer.

But remote access is also the easiest way in for hackers and ne'er-do-wells.  Same advice here - disable all remote access if you don’t need it.  Much safer and less hassle.

Only provide remote access on a case-by-case basis when you must.

If you want to dig deeper on the risks, pitfalls, and advice for remote access, be sure and read my recommendations for disabling universal plug and play (UPnP), limiting use of “port forwarding”, and using a virtual private network (VPN):

The Road To Hell Is Paved With Good Intentions (Disable UPnP on your home network) — DoItForMe.Solutions


Don’t Worry, Be Happy In Your Smart Home
Network and computer security is important, but with a few straightforward steps you can enjoy the benefits of home automation with less worry.

Just follow the instructions above to secure all your devices with unique passwords, keep track of your logins with a password manager, and disable or turn off every feature or function that is not needed - especially remote access.
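
The checklist above can be run as a quick audit over a list of your own devices.  This is an added example, not part of the original article; the inventory, the field names, the default-login list, and the address pattern are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample inventory (not real devices or credentials).
INVENTORY = [
    {"device": "thermostat", "user": "admin", "password": "admin",
     "remote_access": True, "remote_needed": False, "integrations": ["HomeKit", "Alexa"]},
    {"device": "garage door", "user": "home.devices@example.com", "password": "t7#Lq9!vZx2p",
     "remote_access": True, "remote_needed": True, "integrations": ["HomeKit"]},
    {"device": "lighting hub", "user": "123mainstreet@example.com", "password": "t7#Lq9!vZx2p",
     "remote_access": False, "remote_needed": False, "integrations": ["HomeKit", "Google Home"]},
]

# Assumed examples of factory logins; check each device's manual for its real defaults.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("root", "root"), ("admin", "1234")}
# Voice/control systems actually used in this (hypothetical) home.
SYSTEMS_IN_USE = {"HomeKit"}
# Rough heuristic: leading house number followed by a street word, e.g. "123mainstreet".
ADDRESS_LIKE = re.compile(r"^\d+[a-z.]*(street|st|ave|avenue|road|rd|lane|ln|drive|dr)\b", re.I)

def audit(inventory, systems_in_use=SYSTEMS_IN_USE):
    """Return a sorted list of (device, finding) pairs."""
    findings = []
    by_password = defaultdict(list)
    for d in inventory:
        name = d["device"]
        by_password[d["password"]].append(name)
        if (d["user"].lower(), d["password"].lower()) in DEFAULT_LOGINS:
            findings.append((name, "default login still in use"))
        if ADDRESS_LIKE.search(d["user"].split("@")[0]):
            findings.append((name, "login email reveals street address"))
        if d["remote_access"] and not d["remote_needed"]:
            findings.append((name, "remote access enabled but not needed"))
        for extra in sorted(set(d["integrations"]) - set(systems_in_use)):
            findings.append((name, f"unused integration enabled: {extra}"))
    for devices in by_password.values():
        if len(devices) > 1:  # same password on several devices
            for name in devices:
                others = ", ".join(x for x in devices if x != name)
                findings.append((name, "password reused on: " + others))
    return sorted(findings)

if __name__ == "__main__":
    for device, finding in audit(INVENTORY):
        print(f"{device}: {finding}")
```

If you build the inventory from a password manager export, delete the export file once the audit is done so the passwords are not left sitting in plain text.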

Be smart, be safe, and enjoy your smart home!


Products To Help With Smart Home Security

1Password Password Manager
LastPass Password Manager

Synology Router with VPN access