The number of smart devices people can name in their homes is usually far larger than the number of smart devices people know are secured. A smart speaker in the kitchen, a smart doorbell at the entrance, a thermostat that understands your routine. All these smart devices are actually small computers that are connected to the home network, and all of them are potential access points for someone who wants in.
Fortunately, it is impossible to ensure the security of the smart home system without a PhD in information technology, but it is possible to create a clear strategy for this goal. This checklist contains tips about the smart devices in every room and what to do with them in order to protect your home.
Starting With the Network Itself
Before visiting any specific room, it is worth paying attention to the router as it is a gateway for all the devices connected to the network.
Update the default admin password on your router if it hasn't been changed yet. Most routers come with default usernames and passwords (usually, "admin" and "password") that can be easily found in online manuals. The firmware of the router should also be updated regularly, as manufacturers provide patches that close existing vulnerabilities.
It is worth considering setting up a separate guest network for smart devices if it is available. In this way, all the smart light bulbs and outlets will be isolated from your laptop and phone, thus, any attacks on the latter will be impossible even if one of the smart devices gets hacked.
The best thing to check is what kind of encryption standard your router uses, as the outdated one can make it even more vulnerable. WPA2 is reasonably secure, but it is worth considering switching to WPA3 since it offers better protection against password guessing. Almost all routers made recently come with WPA3 out of the box, and the process of switching is quick and simple.
Living Room: Smart TVs and Streaming Devices
The living room often becomes the room with the largest number of devices connected to the internet, and most of these devices are streaming devices or smart TVs.
Most of the information that these smart devices gather may seem useless; however, in most cases, user data and even voice commands recorded by microphones may be collected. Checking the settings menu and disabling these functions won't make your TV worse, but it will prevent it from gathering this additional information.
Streaming devices, such as Roku, Fire TV, and Apple TV, should be kept up-to-date, and it is worth avoiding downloading applications from unreliable sources. The most popular way for malware to enter a device is through apps that promise free content but have malicious purposes.
Modern gaming consoles also require similar treatment, as most of them offer web browsing functionality and account access. It is worth reviewing privacy settings, especially if children use the console, and setting up two-factor authentication for your account.
Kitchen: Voice Assistants and Smart Appliances
In recent years, kitchens have become one of the rooms with the largest number of smart devices. Smart fridges, smart ovens, and voice assistants in the kitchen are becoming standard nowadays.
Although smart voice assistants (Amazon Echo, Google Nest) listen for the wake-up word, they still record user conversations, and it is better to disable the feature of saving voice records and regularly delete voice history. Most platforms allow users to set auto-deletion after a certain period of time, and it is worth enabling this option if you haven't done this yet.
Updating the firmware of smart appliances can be quite challenging, as updates aren't always automatic. There are a few things to check:
- •Check for updates monthly on the manufacturer's website, as smart appliances are often updated less frequently than phones or computers.
- •Disable unnecessary functions that give remote access to your devices (for example, if you don't need to preheat the oven from outside).
Bedroom: Cameras and Smart Locks
Usually, bedrooms contain the smallest number of smart devices compared to other rooms. However, the consequences of compromising the smart devices in this room are rather serious due to the nature of these devices (cameras, smart locks on adjoining doors, or connected alarms).
It is worth checking whether the smart camera in this room or nearby has a unique password and two-factor authentication if it is available. The major source of home camera hijacking is reused passwords. Attackers try default passwords and login credentials that were leaked somewhere else on thousands of camera accounts. If a password was leaked in another breach, then this camera will become vulnerable as well.
Smart locks deserve the same treatment as any other smart device: updating the firmware and reviewing access logs if they are provided by the manufacturer. These access logs are kept by most lock apps, but almost no one reviews them regularly.
It is also worth checking the orientation of smart cameras in the bedroom, as they can easily record more of the property than intended.
Home Office: Laptops, Printers, and Smart Plugs
The home office is the place where business-related activity and personal life often meet, which makes it a place with a lot of sensitive information. Financial records, work documents, and personal accounts — all of them are kept on the devices located in the home office.
Printers are often an overlooked threat in this room, as they connect to the Wi-Fi network and can be accessed from the internet if they remain with the default settings. Changing the admin password on the printer and disabling remote printing if it isn't necessary will help prevent many attacks.
Desktop computers and laptops in the home office require the highest level of protection, as these devices handle logins, bank accounts, and other sensitive files. Aside from regularly updating the OS, reliable security software will help prevent phishing emails and downloading malicious programs. Testing some free trial antivirus software is worth trying before purchasing one.
Smart plugs that are often used for controlling lights or heating devices in the home office shouldn't be overlooked during the firmware update check as well.
If you are working from home and have to connect to the company's server via the internet, you might want to check whether your company requires a virtual private network for that. Using one will help protect yourself from unauthorized access to work data.
Kids' Room: Tablets, Toys, and Baby Monitors
Devices located in a kid's room require special treatment, which focuses mostly on privacy.
Connected toys and tablets usually have a questionable track record in terms of privacy, so before setting any of these devices up, it is worth checking if the manufacturer has experienced any data leaks or complaints regarding privacy violations. Besides, setting up parental controls if they are available and avoiding linking these devices to accounts that contain stored payment information will help protect your kids.
Baby monitors also deserve special treatment, as they are among the most compromised smart devices. Mostly, this happens because people install them quickly without changing the default password and choose brands with non-encrypted video transmission. The best practice is to choose a device with encryption and change the default password right after setting it up.
Two small actions will go a long way in this room:
- •Disable remote viewing when you are at home so the monitor cannot be accessed from outside.
- •Check the app permissions on your phone, as some of them ask for access to your contacts and location data.
Entryway and Garage: Doorbells and Garage Door Openers
Entry points to your home are one of the most worrying points, but they are often overlooked because people set them up once and never return to them.
All video doorbells should be equipped with two-factor authentication, as they are among the most compromised devices due to their capabilities. Review who has access to the doorbell app from time to time, as tenants or contractors might leave it accessible.
Smart garage door openers are also dangerous to leave unprotected, as a compromised opener gives the possibility of physical access to the building. It is worth checking whether the opener uses rolling codes and whether the companion application is up-to-date, as it should be.
Maintaining the Habit, Not Only Creating a List
Going through all the rooms once is already a great achievement; however, maintaining the safety of the smart home system is not a one-time job. New smart devices appear, firmware updates can be forgotten, and passwords can be reused without noticing.
Setting up a reminder to check this list every few months is enough to really maintain your home’s safety.
Devices that make your life easier do not have to put your privacy in danger.