'More susceptible to cyber attacks': How safe are your smart home devices?

The tap of a button on your smartphone can open the blinds, adjust the lights, crank the aircon and preheat the oven – all while you’re making the commute home from work. 

There is now a suite of smart devices and appliances available for our increasingly connected homes, and while they undoubtedly make parts of our lives easier, their convenience can come at a cost. 

According to the Telsyte Australian IoT@Home Market Study by technology analyst firm Telsyte, released in October, smart home technology is being quickly adopted by plenty of Aussies, with 61 per cent of households having at least one smart home device as of June 2020.

Telsyte forecasts that the number of internet-connected devices in Australian homes will reach 371 million by 2024, up from 193 million in 2020. 

The more we install and rely on smart devices like Google Home and Amazon’s Alexa – as well as smart fridges, televisions, security cameras, lights, speakers, door locks, smoke alarms and more – the more susceptible we are to cybersecurity attacks.

Luis Corrons, a security expert at cybersecurity company Avast, says it’s quite easy for cybercriminals to hack our most popular at-home devices.

“There are all kinds of devices that can be hacked by resourceful enough cybercriminals,” Corrons says. “Households are populated with smart devices such as TVs, thermostats, door locks, lightbulbs, speakers, security cameras and heating and cooling systems, to name a few. 

“Cyber attackers can exploit the security weaknesses of smart home devices to gain access to your household networks to take sensitive data or, even more alarmingly, to take control of your devices and monitor you and your family.

“The more insecure devices are connected to a network, the easier it is for an attacker to gain access and target valuable devices such as security cameras, or media boxes.”

Attackers could also go so far as to hijack smart lights and door locks, alerting and allowing criminals inside your home, or access TV set-top boxes, install ransomware (malicious software that encrypts users’ data) and display a message demanding a ransom be paid to free the device. 

While this sounds incredibly alarming, there are steps you can take to minimise your risk and vulnerability to cybercrime – and research is key.

Choose the right device

Corrons says people should consider buying smart devices from well-known and reputable manufacturers, as they’re likely to design products with quality security features.

“Before you add a new connected device to your network, take the time to understand everything about it, including how it collects and uses your data.”

Change the default password, on all devices

“When given the option, always change the default password to something complicated,” Corrons says. Not doing so makes it easy for hackers to access your data.

Although it might be tempting to go with something simple that you’re likely to remember, ABC123 is not going to cut it. 

“Most bad hackers can guess a default password, allowing them to breach a network and even link a smart home device to a botnet,” Corrons says.

A botnet is a collection of internet-connected devices controlled by cybercriminals – definitely something you want to avoid. 

Update – and often

“It cannot be stressed enough – keep the firmware [a type of software on your device that makes it work as intended] of your IoT [Internet of Things, or internet-connected] devices updated with the latest versions and patches available.

“Remember, the cause for most of these updates is because a security flaw has been found and exploited in the previous version. You want to stop running that compromised version right away,” Corrons says.

No more hitting the “remind me tomorrow” option.

Split your home network

“As part of their recommendations for robust digital security, the United States Federal Bureau of Investigation has suggested homeowners keep devices carrying sensitive data – such as laptops and smartphones – on a different network from those supporting smart home devices. 

“By using this set-up, a hacker would not be able to directly access a personal laptop if they breached a smart home device,” Corrons says.

Restore factory settings

“If you are getting rid of older smart home security products, make sure that you erase all your data and personal information, delete your account if you no longer need it, and perform a factory reset of the device,” Corrons says.

The last thing you want is for your data to be accessed via a device you no longer have.