Refrigerators hijacked to send malicious emails. TVs tapped to spy on their watchers. Baby monitors remotely rigged to stream a stranger’s voice.
These aren’t outtakes from a cheesy sci-fi horror flick. They’re real situations that have happened in homes around the world–made hackable, so to speak, by flawed smart devices. Although there are many advantages to buying gadgets that connect to the Internet, “many of them are not built with security in mind,” says Cesar Cerrudo, an executive at security firm IOActive. And that makes their owners vulnerable: a bit of outdated software in your connected security camera, and a hacker could use it to case your home; a weak password on your connected thermostat, and a hacker could use it as a back door into your wi-fi network–and anything on it.
To be sure, actual horror stories are few and far between. Of the millions of Americans who own at least one connected device, only a small fraction have publicly come forward as victims of malicious home-gadget attacks. And when they do, manufacturers like Samsung–whose smart products were targeted in the past–have been quick to correct security flaws, since consumer trust is paramount for good business.
But it never hurts to be prepared. Here are five expert tips on how to safeguard your smartest devices.
It may sound too simple, but your home’s first–and often best–line of defense is Google. Before you purchase a connected gadget, search its name plus words like security or vulnerability to “give yourself an idea of what you’re up against,” says Daniel Crowley of info-security firm Trustwave. More important, Cerrudo says, you should investigate how effectively the gadgetmaker responded to any breaches. If the issue was neutralized quickly, you’re probably fine. If a company took weeks to fix its mistake, buy something else.
In one of the most publicized connected-home hacks, security researchers broke into early models of Samsung’s smart TV, which allowed them to control its camera and access files and apps. Samsung quickly issued a software update to fix the vulnerability, but–as with smartphone apps–it’s often up to users to make sure that a patch is downloaded. The longer you wait, the larger the “window of opportunity” for hacking becomes, says Cerrudo.
Many people want their connected devices to work right out of the box, so they don’t bother to change the default user names and passwords (or they type a simple one to get going). That makes you extraordinarily vulnerable to hacking, says Crowley, noting that weak passwords were responsible for 31% of the security compromises Trustwave investigated in 2013.
If all else fails, soliciting help from an expert to install and configure your devices–and the networks they tap into–can be “the best option,” says Cerrudo. Best Buy’s Geek Squad, for example, can set up your wireless network for about $90 to $130, ensuring that you have the most up-to-date firmware, among other details. As Geek Squad specialist Derek Meister puts it, “We look over all the little settings.”
Even if your smart devices are secure on their own, hackers can still break into your control network through a lost smartphone (if you’ve used it to control your gadgets) or unsecured home wi-fi (which many gadgets use to sync with the cloud), enabling all kinds of mischief. To add another layer of difficulty for would-be hackers, Crowley suggests setting up a separate, secure wi-fi network exclusively for your connected devices.