Recode reports that the primary hijacking method in the attacks last week involved breaking through passwords. In too many cases people who set up networks and smart home systems in their homes left default passwords in place. People often don’t stop to consider security in the anticipation of benefits and during the sometimes confusing setup steps involved.
There aren’t many steps to take to add significant protection to your smart home, and you don’t have to be a security expert. But you should consider taking basic precautions and perhaps revisiting them each quarter and anytime you add a new device or system to your home.
Passwords
Passwords are your first line of defense, on two levels. Any user who has access to your home systems has a password. Also, there is generally an administrator or “admin” password for people with permission to reset or reconfigure the system. Manufacturers often ship devices with default passwords and recommend in the installation instructions that you change the password either during installation or at a later time. Guess what the most common default password is? It’s “admin,” and has been for years.
Beyond that extremely simple guess, which sadly works too often, hackers know or can easily find default user and administrator passwords for major brands online. Many manufacturers use the same default passwords across all lines of products, so all hackers need to know is the brand of your equipment to get in.
Device ID names
Also, taking a page from home network security, if your device is visible on the internet to anyone with a scanner (which can mean a regular smartphone), be sure to change the device ID if you can. Often the default device ID includes the manufacturer’s name — which right off tells hackers what brand you have and since you haven’t changed it, that tells hackers all your home systems and devices may be vulnerable.
Note: if you do change your device or system ID, don’t use your name or address in the ID — that just makes you an easier target. Much better to have a nonsense name that doesn’t, for example, correspond to your favorite football team that’s also on your car bumper sticker. If hackers are scanning neighborhood network access points and see an address, their job is easier. Your job is to be invisible or undetectable from the crowd so they’ll hack your neighbors instead.
Stay up to date
Be sure you have updated hardware for devices like routers and access points that can provide an open door to all the other systems in your home. Hackers stay up to date on system and device vulnerabilities, so don’t be caught with an older, wide open device. At least be sure to update your components’ drivers, software, and firmware whenever advised by the manufacturer.
Secure your systems including your home network
Having an open network may sound neighborly so friends next door can share your Netflix account or other services. However, not only can you lose bandwidth (speed and capacity) for your own internet use, you can also be giving your neighborhood hackers and anyone who walks or drives by an invitation to take over your system. With network routers and access points, definitely select “secure” or “encrypted.” You’ll be offered security options in many cases, which assumes you know the difference. When in doubt, go with WPA2 if that’s on the list.
Stay off the net
Some smart home devices don’t rely on an internet connection in order to function. If you don’t care that your smart appliance can connect to the manufacturer for service monitoring, turn that feature off if possible. The fewer devices in your home that connect to the internet, the fewer open doors you offer to the hacking world.
Inexpensive devices can cost you
Be careful when choosing and buying smart home appliances and devices. Sometimes you can get a better price for what seems to be identical quality and function from a more obscure company. That savings may cost you, however, as the largest companies have the budgets needed to build, maintain, and update security factors. After last week’s DDoS internet hijacking, Chinese security camera maker Xiongmai Technologies said that its IP cameras were hijacked and used in the attacks, according to Krebs on Security. Xiongmai’s cameras are used by other manufacturers in their own devices.
