Security News

Make sure your in-home IoT is secure

Grace Roberts, 12 October 2020

TL;DR: If you connect it, protect it

How many IoT-enabled smart TVs, thermostats, webcams and appliances are hooked up in your home? And how secure are they?

October being Cybersecurity Awareness Month (NSCAM), it's a good time to revisit the risks these cool, connected devices pose and devise more robust strategies for protecting yourself against hacks.

IoT devices are dangerous because they essentially open up a bunch of new digital doorways into your family's personal data. Many of them don’t come with security already embedded, so you’re responsible for putting the proper protections in. NSCAM’s slogan this year – “If You Connect It, Protect It” – certainly applies to IoT.

If you don’t protect yourself, hackers have ready access to all the sensitive information (home address, phone number, passwords, credit card information, social media account log-ins, etc.) stored on these devices. They can also invade your home directly via an IoT hack, for example, by taking control of your security (IP) camera and spying on you.

This last scenario played out late last year in Mississippi when a hacker harassed an 8-year-old girl by taking control of the family’s Ring in-home camera. The family had been using the camera to check on the girl’s sister, who experiences seizures. But a hacker compromised the system and lured the 8-year-old into a conversation, saying he was Santa Claus.

In another scenario, an Avast researcher recently reverse-engineered an IoT coffee maker to show where ransomware could be uploaded to the machine. The researcher, Martin Hron, accessed the machine through a firmware update because of the unencrypted connection to its corresponding smartphone app.


Further reading: How a coffee maker’s vulnerabilities symbolize a world of IoT risks


What can you do to protect against IoT hacks? For one thing, you can turn off some of the device’s functions. When you’re hooking up the home thermostat, you may have enabled a data collection feature that appeared useful – perhaps a temperature log – but if you haven’t used it at all, you might as well turn it off.

There are other tips to consider. Here are a few.

  • On set up, make sure an IoT device has strong security credentials. Don’t keep the default password or re-use an old or existing password from another device. 
  • Always update devices with new software, which is often issued to address security issues.
  • Your network is only as secure as your router. Reset yours and change the password to a long, unique password. 
  •  Always enable multi-factor authentication on devices when available.
  •  Look at a network solution that protects all of your devices, such as the Avast Omni.

IoT-enabled home devices are here to stay. The global smart home market size is growing by 14% a year, pegged to hit $93 billion by 2027. One market expert predicts the percentage of U.S. homes using smart in-home appliances will nearly triple, from 7.5% in 2018 to 19.5% in 2022.

The devices can be useful – and they can be fun. With some extra attention to basic security techniques, they can be safe, too.