Smart Home: How to protect yourself from uninvited guests

As a user of smart home devices, you would do well to pay attention to security yourself: only regular updates offer protection.

Last year, a large grocery discounter attracted attention because it launched a smart clone of a kitchen gadget that contained several security gaps. One of them was the outdated Android 6 operating system from 2015, for which there were no updates at that time. The other was a hidden microphone that is not even mentioned in the 38-page manual.

On the one hand, the buyers were not informed that this “additional function” and the security gaps existed at all. On the other hand, cybercriminals would find it easy to take over the device precisely through them. The user cannot protect himself against either.

This example shows once again how little awareness of IT security still exists among many manufacturers and retailers. And it raises the justified question again: What should users pay attention to before buying smart home devices, when setting up and beyond?

The consumer is left behind

Lighting systems, digital thermostats or alarm systems: According to the digital association Bitkom, three out of ten Germans have smart home applications in use within their own four walls. A cybercriminal can hijack everything that can be controlled remotely in a smart home via potential security gaps.

It is therefore important to always keep an eye on the protection status of the digital home, because its increasing popularity makes the smart home lucrative for hackers. The Thermomix clone was also very popular with consumers due to its unbeatable price. But this example shows once again that the responsibility for data security and protection lies with the consumer himself. Whether the buyer wants to bring a spy into the house should still be his own decision. When asked by the media, the discounter only replied that the microphone in question had been deactivated and would be made available for future use by voice assistants. It can only be activated by special knowledge or massive manipulation.

This is exactly what cybercriminals have. Two French IT hobbyists proved that the computer built into the kitchen helper could be hacked, and installed the first-person shooter “Doom” on it.

Keep your eyes open when buying

The question of what consumers have to pay attention to when buying is not that easy to answer. There are some pointers that users can take into account when making their purchase decision. First, interested users should find out about the product online. Is it the best device for my needs? What do other buyers say? What experience have they had with the smart device? How long does the manufacturer supply the product with updates? Is data collected and, if so, which data, and what exactly happens with it?

Test seals, for example from the TÜV or the test institute AV-TEST. Devices without a quality label, or whose manufacturers are rather unknown or have poor customer reviews, should be dropped from the purchase selection straight away, even if these devices are usually cheaper. In many cases, only the expensive devices remain at the end of the day. It cannot be denied that more security comes at a price. That is not unusual, because it often means that development costs are higher.

Updates, updates, updates….

For years, experts have been demanding that the topic of security, especially with smart devices, come into focus. A rethink is slowly beginning here. The EU has acted and granted consumers the right to software updates. The reason: comprehensive protection is only possible if all devices, whether smartphone or smart device, are always up to date. All updates must be installed promptly. This is the only way to provide comprehensive protection against vulnerabilities.

In the case of smartphones and tablets in particular, which are a key to the smart home, there is another essential component: a comprehensive security app. Not only virus protection is decisive here, but also protection against phishing attacks, for example. Likewise, users should not lose sight of the status check in their own home network.

In addition, these devices for controlling the smart home must always be kept up to date. This is the only way to prevent cybercriminals from using them as a gateway. Whether it’s an expensive or cheap smart home device: none of them are free from security gaps. But experience shows very clearly that in many cases a device from a well-known manufacturer is maintained longer than a no-name device. Ideally, automatic update functions are built in. This gives the user more convenience, because he does not have to constantly check whether updates are pending.

However, a state-of-the-art smart home device is of no use if the periphery is unsafe. The vulnerability Kr00k has shown once again that the protection of the home network and the router is also essential.

Kr00k: Over a billion devices affected by WLAN security vulnerability

ESET researchers only recently published their analysis of a WLAN security vulnerability that they christened Kr00k. Around a billion WiFi-enabled devices such as smartphones, tablets, routers, access points and even smart home devices were or are affected by this vulnerability. The vulnerability (CVE-2019-15126) affected WLAN chips from manufacturers Broadcom and Cypress. Routers pose a particular risk here, since even patched client devices remain vulnerable behind an unpatched router. This vulnerability allowed hackers to spy on information that was actually encrypted or even to inject their own data packets.

Around two years earlier, a security researcher had discovered a similar point of attack with “Krack”. WLAN encryption could also be bypassed here. Both weaknesses make it all the more clear that a router, like other hardware or software, should always be kept up to date. Often, however, there is still some catching up to do.

The router is the gatekeeper in the network

A gateway like Kr00k is not required to endanger router security. Often these network devices are bought, installed and that’s it. As a rule, routers remain in use for many years without changes, mostly even with standard settings and the factory-set password. When a router is put into operation, it should encrypt the WLAN network with at least WPA2, better WPA3.

Another elementary point: The administrator access should be provided with a complex and unique password. Modern routers have a function that assigns authorizations for controlling devices in the home network. That means: visitors get a special guest access. Particularly delicate interfaces, such as the apartment entrance door, must not be accessible to any other applications.

And is everything all right now?

A suitable smart home device has been found, bought and set up. The router is configured. Is everything good now? Users are already on the safe side at this point. In order to stay there in the future, we also recommend using a security solution, for example ESET Internet Security. In addition to protecting the end device, it also has an eye on the security status of the home network. The function indicates if security settings are out of date, passwords are poorly selected or firmware updates are available.

Tips for protecting smart homes

Clarify security questions before buying:

Users should inform themselves before purchasing a device. Are security updates provided in the long term? What about data protection? What information about me is transmitted to the manufacturer and how is it processed? These are questions that buyers should definitely clarify before buying.

Always stay up to date:

The devices used to monitor and control the smart home should always be kept up to date, just like the smart home devices. A check for existing updates should take place regularly. If possible, activate automatic update functions.

Use security software:

The use of a powerful security solution with virus protection, firewall and real-time protection should be mandatory on PC, laptop, smartphone and tablet. This effectively protects users from attacks on their access data. In the smart home area, a security suite that also keeps an eye on the security status of the home network is particularly useful.
