Over the last decade, various home Internet of Things (IoT) products—from smart speakers to intelligent thermostats—have become popular. With the power of Internet connectivity, smartphone control, and artificial intelligence, smart home products can make life easier and more convenient.
However, many of the features that make smart home products revolutionary are double-edged swords. For example, an Internet-connected smart lock lets you or anyone you trust to unlock your home remotely. But if it is compromised, a criminal could break into your household without even touching the lock.
Other smart home products might not be as blatantly security-critical as an intelligent lock. That said, even seemingly innocuous products, like smart light bulbs, can be used as a foothold into your home network by cyberattackers. If a hacker gains access to an improperly secured smart home product, they can use their position in your network to attack other devices from within.
The privacy implications of smart homes are another whole can of worms. Smart speakers, with their always-on microphones, are used by corporations and governments to surveil owners. Video doorbell products share their recordings with law enforcement without users’ involvement. A huge amount of data generated by your own smart home may be used against you.
Despite the security and privacy concerns, smart home products are exceedingly popular—and for a good reason. This article attempts to strike a balance between taking advantage of smart home convenience and protecting your security and privacy.
Real-World Case Studies
Although some of these security concerns might sound far-fetched, none of them are purely theoretical. A variety of real-world threats have appeared due to smart home and Internet of Things security issues.
Mirai Botnet: Millions of IoT and Smart Home Devices Recruited For Crime
In the late summer and fall of 2016, security researchers discovered a concerning new malware development: the Mirai botnet. Soon after its discovery, large parts of the Internet were made inaccessible in a distributed denial of service (DDoS) attack on Dyn, a major Internet Domain Name Service (DNS) provider.
To take down such a significant part of the Internet, the criminals behind Mirai needed help. Instead of purchasing tons of computers and setting them up for 24/7 cyberattacks, the hackers took advantage of security vulnerabilities in consumer IoT products like Internet-connected cameras and routers. The hackers took control of these devices and turned them against various targets in an extremely large-scale series of attacks.
This attack wasn’t the fault of the device owners. That said, choosing devices manufactured by companies with a good reputation for security and fast bug patches may be an excellent way to avoid becoming part of the problem.
BrickerBot: Permanent Destruction of Vulnerable Devices
If recruiting your device for cybercrime wasn’t bad enough, hackers have another trick up their sleeves: permanently destroying devices. Lots of IoT devices use hardcoded administrator passwords. Manufacturers often leave debugging interfaces open on the devices they ship to consumers with well-known passwords so that anyone can compromise the manufacturer’s entire lineup of products remotely.
One group of criminals built the BrickerBot malware, which finds and “bricks” IoT devices that use default passwords. After they’ve been attacked, the devices are about as useful as a brick—they might not even turn on anymore.
Ring Law Enforcement Partnerships: Joining Ranks With Surveillance
Ring, a subsidiary of Amazon, produces popular video doorbell products. Users can see who’s ringing the doorbell from their smartphone wherever they are. Ring products are useful and provide clear value for customers, but they also come with some concerning privacy issues.
In particular, Ring partners with hundreds of law enforcement organizations around the United States, a controversial move that may threaten civil liberties and subject people to privacy invasions. Although the video-sharing program’s stated purpose is to decrease neighborhood crime—and Ring’s police partnerships have been somewhat effective at this goal, it also creates a huge scale surveillance network.
Whether or not you agree with Amazon’s use of Ring video data, considering how it may be used and shared is vital before buying this type of product.
Making an Informed Decision
Deciding whether to purchase a specific smart home product should involve some careful thought. Consider the value that the device brings to you and your family: do you save a lot of time, gain a hugely useful feature, or improve your peace of mind? Or is the device mostly a fun gadget or status symbol?
Afterward, think about how the device could be used against you. Is the data produced by the device useful to criminals? If a hacker-controlled it, could they do something nefarious?
Research the manufacturer’s security and privacy reputation. For example, an Amazon Echo or Google Home product probably won’t have security issues—both Google and Amazon take security very seriously—but the devices might have privacy problems.
After researching and carefully considering the pros and cons of purchasing the device, you have the information you need to make an informed, educated decision. In many cases, the potential liability of a new piece of hardware might trump its usefulness. In other cases, the product saves so much time that any security concerns are secondary.
Tech-savvy smart home technology users can protect themselves from some security concerns by partitioning their network into multiple segments. Intelligent home devices go on an “untrusted” segment, while computers and smartphones go on a “trusted” segment. This can provide limited protection against some kinds of IoT security compromises, but it’s not a complete solution.
Balancing concern for privacy and security with utilizing modern conveniences is challenging. Some smart home and IoT products provide enormous benefits but come with potential security and privacy drawbacks.
These issues aren’t just theoretical—they have happened, and they will continue to happen. It’s crucial that people purchasing smart home products consider the risks and downsides to avoid finding themselves in an Internet-connected nightmare.