The Ticking Smart Home Bomb

You’ve probably heard the stories but then long forgotten them.  Home internet routers having vulnerabilities that then allowed them to be hacked from elsewhere in the world, giving criminals backdoor access to your home network and, by extension, all your internet connected devices.  This isn’t a problem of years gone by, it’s a very real and present threat, and something you should, and fortunately can mitigate against.

The problem comes from the hardware devices we purchase.  These include everything from the router supplied by your internet service provider (ISP) to your home smart speakers, internet and app-connected lighting, and even the smart lock you use to secure your home.  Every one of these devices runs on software.  To be specific this is referred to as firmware for these devices because, rather than being installed on a disk, it’s run directly from a chip on the device.  This firmware tells the device how to work, what it can do, and acts as an interface between the user, you, the hardware, and the internet.

The problem comes when this firmware isn’t updated.  There isn’t any software or firmware code on the planet that doesn’t run the risk of having a bug or a flaw in it.  These bugs and flaws are what criminals exploit to hack into networks and systems, often to steal data, and sometimes to try and bring down the infrastructure of an entire country,

With the devices we use not being like the smartphones, desktop and laptops we use, they have no screens, no interface you can see, and no settings you can check.  There’s more often than not no way to check when, or even if, the firmware has been updated.  Without these updates to fix bugs and security flaws, any device is vulnerable to attack if they can be seen from other devices online around the world.  This is what happened with router attacks, and in my mind it’s only a matter of time before a smart home device or a smart speaker suffers a major attack itself.

So what can you do about this?  Sometimes there’s not very much, especially if the router your ISP provides is basic.  Many though support a guest network.  This shows as a separate Wi-Fi network in your home and the devices attached to it can’t see, and can’t get access to the devices on the main Wi-Fi network.  You can use guest Wi-Fi networks to connect smart home devices to the internet much more safely and securely than with the main network.

If you’re of a more advanced technical mind you could buy yourself your own router supporting virtual local area networks (VLAN).  These take the concept of guest networks to the next level, providing more security still.  In my own home and office I back this up with a security appliance that sits between my internet router and my home/office network.  This is a more specialist device that automates tasks from preventing intrusion from the outside, to blocking adverts on all the devices that connect to my Wi-Fi and LAN.

The most important thing to do though is to be vigilant and aware.  The older a device gets, the more likely it becomes that the firmware it runs on will be out of date and old.  Companies such as Google, Amazon, and Apple don’t want to support devices forever and so any security and other vulnerabilities that still remain in the firmware, and occasionally even in the hardware, will remain unpatched.

This doesn’t mean you should rush out and replace your smart devices with new ones and add to the growing problem of e-waste, but it does mean these devices won’t last forever before you should consider replacing them, or placing them on a more secure guest network in your home.  The overall risk to an individual household is minor, but the effect if a vulnerability occurs, and access can be granted to other devices on which you store your photos, files, and manage your online accounts, can often be devastating.

Mastodon