Smart homes need smarter security: Shutting the digital door

Our homes are getting smarter. A recent YouGov survey found almost a quarter of British homeowners now own at least one smart device, making it the second largest smartphone market in Europe and, according to GfK, the fastest-growing.

With column inches increasingly dedicated to the concept of the ‘smart home’ and the first tentative steps towards building smart homes already being taken by many, more people than ever before are revealing an increased desire to live in a smart home. Indeed, 58 per cent of 27-36 year olds are interested in the technology and, as a landlord, this is something you could really turn to your advantage as a means of differentiating your properties.

But before you dive head first into automating everything from your fridge to your toilet, you need to be aware of the potential risks. Your doors have locks, your smartphones do too; but what protection does your thermostat or your security system have against digital burglars?  More importantly, what can you do to ensure your cybersecurity is as smart as your connected home? You may want to forward this advice to your tenants to ensure they’re being cyber-savvy.

Smart devices

The term ‘smart device’ refers to any electronic device that connects to another via a wireless network. This creates a kind of digital ecosystem of appliances that talk to one another, exchange data and adapt to meet the demands set by the user.

Each comes with its own functionality, and each can be open to cyber attacks. While manufacturers should undoubtedly bear the brunt of the responsibility for making these devices secure, you need to be wise to the risks yourself. And there are plenty of precautionary measures you can take to ensure peace of mind. But before we get onto solutions, what are the risks?

Let’s look at smart speakers the most commonly-found smart device in an average UK home. Most people use them for innocuous things like playing music, checking the weather or asking questions, but some people do more personal things like their shopping, ordering gifts or sending messages – emails or texts – via their smart speakers. Our advice – be careful what information you ‘tell’ your speaker (don’t give them credit card or bank account details, for instance) and use password protection on your purchasing. It’s unlikely you’ll know if security has been compromised until it’s too late. Financial information is the most crucial type of information to protect.

The Google Home and Amazon Echo go beyond your standard smart device, however. They can also become smart controllers for the home, playing the role of the central hub for all your smart devices. And it’s in this capacity that security becomes more of an issue. Chinese tech giants Tencent, for example, demonstrated how a doctored Echo could be used to gain remote access to other devices, record private conversations or “play random sounds to terrify users”.

The phrase ‘entry point’ is an important one in smart device security. Smart plugs, for instance, let you switch on plugs and appliances from a phone or a tablet. The idea of someone hacking into a plug may seem innocuous at first – the worst that could happen is someone turning off your laptop or TV (annoying if you’re midway through a spectacular Game of Thrones battle, but essentially harmless). The threat comes when those smart plugs are connected with other devices via a smart controller. In that scenario, one security vulnerability puts all connected devices at risk.

 Smart homes need smarter security: Shutting the digital door

The same goes for smart thermostats. In 2017, a hacker broke into someone’s thermostat, raising the temperature from 24 degrees to 35. This was not a professional job, more a case of someone causing mischief to showcase their skills.

But a more nefarious criminal could have used the thermostat as a way in – the entry point – to other connected systems and caused many more problems.

If, for example, that thermostat had been connected to an unsecured Google Home alongside a smart security system, the hacker could have easily had access to door locks and security cameras. This grey area where digital security meets physical security is perhaps the most crucial to get right.

This is true not only for homeowners, of course, but for landlords wishing to meet the increasing security demands of their tenants.

Smart locks and security systems are not yet ubiquitous, but they are becoming widespread. Pen Test Partners – a blogging group interested in cybersecurity – showed just how easy it is to hack into one of the UK’s most popular smart locks. On a smaller scale, the “world’s first smart fingerprint padlock”, Tapplock, was broken into by a PenTest blogger “in seconds”.

The fact is, without taking proper precautions, any smart device – from fridges to lightbulbs to baby monitors – is vulnerable. But if you’re thinking about building a connected home, there’s one device that needs protecting most of all.

Get a landlord insurance quote

Get a quote online in under 4 minutes

Smart controllers

Smart homes need smarter security: Shutting the digital door

All these devices (and more) can work in isolation, but they interact with each other via a smart controller or smart hub. These hubs act as the nerve centre for all your smart devices, controlling everything from a single point. The hardware usually comes with a screen attached or is controlled via a smartphone or tablet app.

We’ve already mentioned the Google Home and Amazon’s Echo, but there are a multitude on the market, from the Bosch Smart Home System to Apple’s Homepod. With certain smart controllers, all system data is saved locally on the device. However, when smart controllers are connected to the cloud, it is possible for a remote attacker to access the product’s server and download an archive containing the personal data of its users.

A recent hack test by IT security company Kaspersky, showed that they were able to break into a ‘popular smart controller’, despite it having no vulnerabilities in its code. How? Well, the hub downloads a configuration file via an unencrypted HTTP channel. The home hub’s serial number is the only security used to verify the user.

It might seem unlikely that a hacker could get the serial number off the smart device itself, but many people share pictures and reviews of new tech online. Without sufficient vigilance, you could inadvertently share vital information online without realising it. The third weakness Kaspersky’s testers were able to exploit was weak login and password data.

Get a landlord insurance quote

Get a quote online in under 4 minutes

How to avoid smart home cyber attacks

So, what’s the message? Well, be careful, be aware and be vigilant. Each device will require different security considerations, but there are some general rules to follow to protect yourself from hacks:

  • Don’t go cheap: Cheaper devices are not likely to have been tested as rigorously as some products on the market.
  • Update regularly: When Tencent hacked the Amazon Echo, Amazon released a new security patch almost immediately. Make sure all smart devices are updated any time a new security patch gets released. Again, not all cheaper manufacturers will regularly check security on their devices.
  • Change your default WiFi password: Smart devices communicate over WiFi. If someone can hack into your router, they can easily access any of your smart devices.
  • Two-step authentication: You should also set up a second layer of security with 2FA (two-factor identification). This strengthens security by requiring two methods of identification, which can include something you know (a username and password) and something you own (an app) to approve authentication requests.
  • Change your IP: A virtual private network (VPN) can help you hide your IP address and route traffic and potential attacks to the VPN’s IP address instead of yours.
  • Get your own security: The Kaspersky IoT scanner is a free tool available for Android that scans your home Wi-Fi network, informing the user about all of the devices connected to it and their individual levels of security.
  • Be insured: While we might do everything within our power to keep the digital intruders at bay, it also benefits both landlords and homeowners to invest in cyber insurance in case the worst happens. For landlords with multiple properties, cyber liability insurance is particularly valid.
  • Firewalls: If you’re really serious about smart home security, a robust firewall – a security device that monitors traffic and allows or blocks it based on a defined set of rules – working in tandem with a decent router can help protect you.

Get a landlord insurance quote

Get a quote online in under 4 minutes

What’s next?

The global smart home market is predicted to reach $53.45 billion by 2022, and it’s likely the technology will get more complex.

With evolution in robotics, we could see the first wave of robot butlers helping us around the house. As artificial intelligence (AI) becomes more prevalent, we could soon have houses that make decisions for us.

Imagine, for instance, a smart alarm clock linked to Google Maps that sets your alarm based on traffic or the weather.

If that alarm was connected to your oven, it could turn it on in time for you to heat a morning croissant while your heating ensures the shower water is at the ideal temperature for the upcoming day.

Science fiction? Not really, the tech already exists. However, these kinds of super smart homes, run by AI, are reliant on personal data. Lots of it.

This data is then sent to machine learning algorithms running in the cloud that can be used to discover patterns, market trends, customer preferences and other useful information so that device manufacturers can make more informed decisions.

50 per cent of consumers believe that smart home technology will have at least some impact on their lives over the next few years, the question is whether they’re fully prepared.

In short, the smarter your home, the smarter your cybersecurity needs to be. And the smarter the security requirements, the smarter and better informed you need to be as a consumer. Get it right and you can enjoy all the benefits of smart living, get it wrong and you’re leaving your digital front door open to burglars.

It is important to take out landlord contents insurance, designed to cover the contents you have supplied to your tenants, as a standard home insurance policy typically excludes claims relating to people other than the homeowner and immediate family.

With the rise of the smart home, cyber security insurance is one of the major sectors of growth in the insurance market. Talk to Hamilton Fraser to find out more today.