Not too long ago, the biggest concern over high-tech home theft was neighbors stealing Cable TV or jumping on your wi-fi uninvited. Today, with the breadth of connected products available, the potential for unauthorized access to the home is greater, and goes beyond mischievous kids turning your lights on and off remotely. As reports of credit cards, insurance information, and even baby monitors being hacked, it seems nothing is sacred. Without the right layers of protection in place, a high-tech home could be vulnerable to digital or actual break-ins.
The topic of hacking the high-tech home came up during a panel discussion hosted by CNET at the 2015 Consumer Electronics Show (CES). Several home technology industry experts weighed in on the topic. Their consensus is that connected homes are secure, as long as the products and people that use them are taking security seriously. The good news is, device and platform developers are taking it seriously. The bad news is, it may not always be the first priority.
"One of the things to recognize about security in any situation of emerging technology is, for better or for worse, value leads security," says Linden Tibitz, CEO of IFTTT, a platform that helps users and their connected devices communicate. "When you look at the advent of the web or the smartphone, people spent a lot of time determining if it was relevant to them. That's the phase we're in now, so device developers have to lead with value. Who cares if the product is secure if it's not valuable to me? Once the value is there, security is going to follow in time."
Industry CEO Ben Kaufman says security is an essential component of the work he does with Wink, a platform he launched in partnership with GE via his other company, Quirky. "One of my favorite things about Wink is how seriously we have to take security because we partner with large industrial companies like GE," Kaufman says. "They have what they call the Red Team, which is a group of people that tries to penetrate everything with at GE logo on it. I generally agree that a product has to do something valuable first, but we're also dealing with products that are put through the same ringer as a 747."
Arthur Orduna agrees. As senior vice president and chief innovation officer at ADT, security is always top of mind for his group, and connected home devices are no different. "We make people secure, so we're always asking 'how do we go about securing our own systems?'" he says. "Security has to begin at the beginning, designed into the products. As an industry, I really like the collegiality of what the Internet of Things has come to mean, including on the topic of security. We start with best practices, educating consumers, and working as an industry, preemptively."
Home technology installers, or integrators, are finding that educating consumers is the critical component of home security, and potentially the chink in the armor of a connected home system.
"The way we tend to look at it is, there is just as much to be nervous about regarding home security as there is for anything else," says Tim McInerney, director of product marketing for home technology company Savant. "The way we approach system security is kind of like how you would prevent a burglary: the harder you make it for someone to break in, the more likely they are to move on."
Jeff Breisemeister agrees. "The easiest way to set things up is always the least secure," says the principal at Integration Controls, a St. Louis-area home technology integrator. "I still have clients that request us to set them up with the least-secure way to access certain aspects of their systems so they don't have to enter passwords multiple times. They want to save themselves some time and maybe frustration, but the least secure installations are also the easiest to exploit."
Beyond convenience, price plays an role in system accessibility and security. Numerous inexpensive connected devices are available at retail, allowing homeowners to effectively build their own connected home over their existing wi-fi. The solutions are affordable, but not necessarily secure. "All these DIY options are great, but at the end of the day with security, you're on your own," McInerney says. "Who are you going to get to help you with that system if you're having issues? It's one of the reasons why Savant products are only sold through authorized integrators, rather than retail channels. You want someone who knows what they're doing." Working with an integrator will cost more, but homeowners will be ensured a network that's protected by a series of safety measures that DIY products don't offer.
That's not to say consumers should bypass open-API devices. McInerney says Savant's system accepts more than 5,000 devices, but all of them are heavily tested for safety and security. Likewise, Briesemeister says he's happy with the performance of many apps that operate those devices. "In many cases, product manufacturers will use a cloud-based service for a secure over-the-internet check-in with their server," he explains. "So if you're unlocking your front door, your smartphone is talking to the server and not directly to your house."
Hack-Proof Your Home
Amid nationwide concerns of personal information being accessed by hackers, how likely is a high-tech home hacking? For the most part, experts agree that it's possible, but it's not happening extensively—yet. McInerney believes that individual home-hackings won't make the news, the same way an individual identity theft isn't reported on.
"I haven't heard of any major hackers breaking into many houses at one time, and the likelihood that someone will try to break into your house by unlocking your door instead of smashing the window is probably low," he says. "But as devices get more popular and clear winners start to emerge, you may see more and more of those kinds of attacks. When there's a million of one type of connected thermostat out there, that creates more chances for hackers to test the connections and catch someone off-guard."
He and Briesemeister offer a few tips to help protect your digital domain:
- Change Your Passwords. Every connected device comes with a default password that can be tracked down with automated software, Briesemeister says. Change all passwords to something more complex. Once changed, many systems will remember those passwords so homeowners don't have to enter them over and over again, the same way your smartphone remembers how to access your wi-fi.
- Segregate Your System. McInerney recommends setting up multiple networks as an added layer of protection. If connected home devices are on one network, and your laptop is on another, that will prevent cyber villians from getting to your financial records via your home automation system.
- Consider Hard-Coding. Similarly, McInerney suggests finding an integrator that will work at the level of the hardware address. "We give people the functionality to say that only a specific piece of hardware, such as a certain cell phone, can connect with the system," he says. The system will deny access to non-permitted hardware addresses.
- Create a Guest Network. Whether it's cousins from out of town, an occasional house party, or the kids' friends coming over to do homework, Briesemeister says he often sets up guests networks for his clients. "That way, they're not handing out the primary network password and giving the neighbors access to everything."
- Vet the Password-Keepers. Trust is paramount any time a trade partner enters a client's home. When looking for a technology integrator to work with, Briesemeister says remodelers should ask about the company's policy is for storing and securing clients' passwords and other information. Learn more about how and why to bring an integrator into your team of trade partners.