NCSAM: Smart Devices - Protecting Your Connected Home

smart-home-security smart-home-security

Do you have a smart hub at home? A smart hub usually works by integrating various smart-home devices with a central personal assistant (i.e. Amazon Alexa, Google Assistant, etc.). The hub itself manages all of your connected devices for your home, such as: a connected thermostat to monitor your home's HVAC system, an Internet-connected security system, a smart TV, wireless internet-connected camera, smart lightbulbs, a baby monitor, a smart range and refrigerator, or an Internet connected automobile.

With a smart hub, the possibilities are endless!

Most likely, you are using several of these devices – which are labeled as the Internet of Things (IoT). IoT devices are: physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, and connectivity which enables these things to connect and exchange data. Embedded with technology, these devices communicate, interact, and can be remotely monitored and controlled. These IoT devices collect, analyze, and transmit information about a person’s behavior and lifestyle; these services and functions provide benefits for the person, but also come with security and privacy issues.

IEE Journal's article "A Survey on Security and Privacy Issues in Internet-of-Things" states the main security issues for smart devices are authentication, access control, confidentiality, privacy, trust, secure software, and mobile security. Many smart devices contain embedded computer systems, which means they have the same security risks as that of regular computers. IoT is creating a new environment where malware can be used to create botnets: a collection of internet-connected devices, which may include PCs, servers, mobile devices, and other devices that are infected and controlled by a common type of malware designed to attack and infect other machines. In other words – your devices "brains" turn in to botnet "zombies" and the results are absolutely malicious behavior.

It is important that you learn to protect yourself and your smart-home when using these smart devices!

We are in an era in which devices are designed to be connected to the Internet, so you'll want to be cautious and smart about protecting your privacy and yourself when setting up a smart-home. Therefore, it is important that you:

  • Choose reputable vendors when purchasing smart devices. Reputable and established vendors are likely to have the latest security in place. Even though it may cost more to purchase a name brand, you will save in security and peace of mind.
  • Consider whether you want to submit your data to a public cloud or private cloud. Determine what level of privacy you will need when making choices about which devices to use. If using a public cloud, be sure to secure and tighten your privacy settings on your account. 
  • Ensure your wireless home network is properly configured and secured.
    • Install a firewall on your network either with a stand-alone appliance or software that ships with the router, to restrict incoming connections. If you are not comfortable doing this, you can contact your Internet provider for assistance.
    • If you have a highly connected home, install a unified threat management (UTM) appliance that integrates services such as the firewall, anti-virus, allows for content filtering, spam filtering, VPN protection, and anti-spyware. Note: Sophos offers a free combined firewall and UTM.
    • Give your WiFi network an obscure name that won’t provide attackers with personal information they can use in social-engineering attempts. For example: do not call your network the "Henderson's WiFi." Name it something random, such as "Miami-Dade Surveillance."
    • Disable guest network access or protect it with a strong password, and only allow trusted guests to use it.
    • If your router allows it, create two separate networks – one for your smart devices and one for your computers, tablets, and smartphones that you use for online banking and shopping and general web activity.
    • Ensure that you have changed the default password for your router and that you are using the WPA2 security protocol. If your router is still using WEP, you may want to consider purchasing a new router.
  • When software updates are issued for smart devices, immediately install them. Most smart device manufacturers do not have a software update distribution model such as Microsoft or Apple do, so you’ll need to be responsible for staying current with installing the updates. Taking the time to download updates for software and firmware minimize the risk that your device will be hacked or that you will lose personal data.
  • Set a strong usernames and unique passwords to protect your devices and the accounts that you create for them. Do not keep and use the generic or default password. Do no re-use the passwords for other accounts.
  • If your device uses Bluetooth, turn off the service when not in use.

If you have any questions about cybersecurity or want to learn more about how to stay safe online, please contact University of Miami's Information Security Office (ISO) at: ciso@miami.edu.

Click here or on the image below to download UMIT's NCSAM poster:

Feel free to print this poster and share it with your colleagues/peers!