Without safeguards, smart home can be a dumb choice, expert says

May 06, 2014
Credit: Peter Griffin/Public Domain

Smart technology can perform all sorts of tasks in our homes. Turn on our lights. Unlock our doors. Crank up our thermostats. And quite possibly, give someone access to our valuables or our bank accounts.

The rise of worries cyber security expert Jerry Irvine, who believes many homeowners are unknowingly trading security for convenience when they install smart gadgets or systems in their homes.

"You should be concerned enough not to do it, or to pay somebody to do it for you correctly," said Irvine, who is and a partner with Prescient Solutions, an company in suburban Chicago.

"It's not the technology that's the problem," he said. "It's the way people are using it."

Smart technology lets users control a number of functions remotely from a computer, tablet or smartphone. Typically the users connect to those systems via an Internet site, and almost always the systems can be controlled wirelessly.

Unfortunately, those systems are often insecure, Irvine said. And that vulnerability can open the door - literally or figuratively - to people who are looking to steal from you.

Let's say you have a smart thermostat. It operates via a chip that has no security protection, Irvine said, so a hacker could use it as an entry point to get access to your computer. If that computer isn't adequately protected with antivirus software and its operating system isn't updated regularly, he said, the hacker can get in fairly easily and find information that will let him or her withdraw money from your bank accounts, charge items to your credit cards or otherwise wreak havoc with your finances.

If you think that can't happen, consider this: It appears the hackers who ransacked Target's computer system got in via the heating, ventilation and air conditioning system, said Irvine, who serves on the National Cyber Security Task Force, a body that advises federal decision makers on cyber security policy.

Hacking into a smart system can give someone physical access to your home, too. A thief could disable your security alarm, turn off security cameras and even unlock the smart lock on your door, Irvine said.

What makes these systems even more problematic is they're often controlled by smartphones, which Irvine called "the most insecure device we have." Most users don't even have them set up to require a for access, he said.

How can you keep hackers out? If you want to use smart technology, Irvine said, put those controls on their own virtual , or VLAN - a network that's different from the one used for your personal computer and other devices. Configure that VLAN so a person can communicate with the devices on it only through an encrypted , or VPN.

That's beyond the capability of the average homeowner, Irvine said, but you can hire a computer technician to do the work for you. It should take about an hour and cost maybe $75, he said.

Have the technician show you how to change the encryption key - the password that decodes the information on the network - after he or she leaves, he advised. That way, the technician won't have access to your network, either.

Irvine said cloud-based home security solutions are an option, but those could still be hacked if you're not careful. He suggested using a unique user name just for that account, something that's hard for a hacker to guess and that's not your email address. You should also use a unique password that's 10 to 15 characters long and includes both capital and lower-case letters and at least one number and one special character - that is, a punctuation mark or symbol such as a percentage sign.

In fact, those user name and password precautions are wise for all your online transactions. Irvine also recommends making online payments only with a low-limit credit card and never allowing a website to save your credit card information.

Never make an online payment with a debit card or a direct transfer from your , he said. At least you have protections if you pay by . If your bank account is compromised, the loss is yours.

That's using technology in a smart way.

Explore further: Connected devices in smart homes have control issues

4.5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Connected devices in smart homes have control issues

Apr 03, 2014

(Phys.org) —Smart homes are growing smarter. But it all depends on how you define "smart." Smart, as in connected to the Internet, or smart as in a well-planned architecture of intelligent gadgets that ...

'Smart' homes open doors to hackers

Jul 30, 2013

Smart homes that let residents control alarms, locks and more over the internet are opening doors for crooks with hacker skills, according to computer security specialists.

WPA2 wireless security cracked

Mar 20, 2014

There are various ways to protect a wireless network. Some are generally considered to be more secure than others. Some, such as WEP (Wired Equivalent Privacy), were broken several years ago and are not recommended ...

Heartbleed could harm a variety of systems

Apr 11, 2014

It now appears that the "Heartbleed" security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.

Recommended for you

Report: China to declare Qualcomm a monopoly

4 hours ago

(AP)—Chinese regulators have concluded Qualcomm Inc., one of the biggest makers of chips used in mobile devices, has a monopoly, a government newspaper reported Friday.

Hoverbike drone project for air transport takes off

15 hours ago

What happens when you cross a helicopter with a motorbike? The crew at Malloy Aeronautics has been focused on a viable answer and has launched a crowdfunding campaign to support its Hoverbike project, "The ...

Study shows role of media in sharing life events

16 hours ago

To share is human. And the means to share personal news—good and bad—have exploded over the last decade, particularly social media and texting. But until now, all research about what is known as "social sharing," or the ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

antialias_physorg
not rated yet May 07, 2014
Securing the network might not be enough. It's enough to be able to snoop that there is traffic at all...because if there is traffic from a remote location to your home system then that means you're not at home.
I.e. it means it's open season for any minimally tech-savvy burglar. It's very hard to safeguard against such behavioral analysis. You could send fake traffic at random intervals, but that would still allow for analysis as intentional traffic will still look different (less random and possibly with different data volume). And the more traffic you send the easier it is to crack the encryption.

But in the end: does anyone feel the need to remote control their home? Is there anything you could do (and is needed on a regular basis) that way that you couldn't do with preset timers?
elhefe
not rated yet May 07, 2014
Interesting article and yeah it seems like we're in some crazy time period where everyone needs to manage their privacy personally.. Even if you want to stream content you need some dns proxy or something likea vpn provider. I've been using https://ironsocket.com for awhile now with no problems and keeping the connection as safe as possible.

Thing is, when using some privacy provider, the ones with shared IPs and no logs really helps for your privacy. Data laws are still kinda wild west, but without some protection the wild west of data collection is not in favor of the average person