Family discusses the privacy and security risks of smart home devices.

August 14, 2019

What You Need to Know About the Privacy and Security Risks of Smart Homes

As the world becomes increasingly connected, the comfort, convenience and entertainment provided by smart home devices makes them increasingly popular for families who can afford them.

During 2019, the global market for smart home devices is expected to increase 26.9 percent, with more than 830 million devices shipped, according to the International Data Corporation's (IDC) Worldwide Quarterly Smart Home Device Tracker.

And the trend isn't expected to slow down — instead, it will continue to increase 16.9 percent annually through 2023, with nearly 1.6 billion devices forecast to be shipped in 2023, as consumers adopt multiple devices within their homes and as global availability of these products and services increases.

But all the convenience and comfort offered by smart home devices also presents risk to your privacy and security, especially if you're unfamiliar with the nuances of how to protect these devices.

Potential Privacy Issues

"You have no idea what information these systems are collecting, who is getting access to that information, and what they are doing with it," said Lance Spitzner, director of SANS Institute, an information security and cybersecurity training firm.

"Every one of these devices is collecting data on how you live and interact with the world, which is not only being collected but potentially sold to other organizations," he said. "Even more scary are technologies that can listen in on what you or your family say, such as Alexa or Smart TVs."

Smart devices that interact with you through speech, like Google Home, Amazon Alexa and Apple HomePod, for example, record your interactions with them.

All three of the companies encrypt these recordings as they are moved from the devices to the company's servers as well as while they are stored. However, Google and Amazon tie your recordings to your identity and only delete them from their servers if you request they be deleted. (Apple doesn't connect the recordings to your account, but rather ties them to a random routing ID and the information is stored on servers for six months with that ID and then another 18 months not linked to any ID.)

That's a lot of data that could be used by hackers if the data were to be breached ⁠— and that risk only covers one category of smart devices. Wearables, like fitness trackers, and security devices, such as front door cameras, are also collecting data about your habits and location if you use them.

For instance, a hacker may determine from your cloud-based security settings or your calendar that you're at an appointment for the next two hours, or from your wearable fitness tracker that you always go to yoga on Tuesday nights.

They can then use this type of information in a number of ways, from physical robbery to wire fraud.

Additionally, if one of your devices is hacked, it can give the hacker access to your WiFi network. With that, your sensitive information, such as passwords and financial data, could be exposed.

Security Risks

Smart devices also pose a security risk, Spitzner said.

Home devices, like refrigerators and TVs, were not designed with security in mind. If you purchase smart versions of these items, there's the risk that they will stop working if their computer systems get corrupted or infected.

And with internet access added to these devices, they may offer hackers a number of new entry points into your home.

For example, imagine you have smart light bulbs that go on when you get home. You may have other smart device set to perform an action when you get home - disabling your alarm system, perhaps. But if a hacker accesses your smart lighting, he could trigger that system into "at-home" mode, thereby disabling your alarm system and gaining entry into your house undetected.

Even devices designed to increase your security, like smart cameras or doorbells, have proven to be easy to hack, according to research by Ben-Gurion University of the Negev in Israel. They tested 15 security devices, including cameras, baby monitors, doorbells and one thermostat, and found that the most difficult one to hack, which was a baby monitor, only took them two days.

It becomes easy for any hacker to purchase one of these devices, study it to find its weaknesses, and then use that information to hack any home with the same device.

It's important to keep in mind that, while providing you with convenience and entertainment, smart devices are also collecting data about you and potentially providing criminals with access to your home. If you do choose to use smart home devices, follow these guidelines to take precautions against a hack.

Understand the Privacy and Security of the Device

When evaluating which devices to purchase, study privacy and security policies.

Make sure you're aware of how the provider will store your data, whether or not it will be encrypted and how long they store it.

When you get the device, go into the security settings, which are likely set to defaults, and enable the level of security you'd prefer.

Secure Your WiFi Network

Most smart devices cannot be secured, so it's important to secure the network on which they're operating.

To do that, give your network a non-personal name: Rather than naming it “The Smith House," give it a random name. If possible, consider using two different Wi-Fi networks, one for computers, tablets and phones and another for smart home devices. That way, if a device is hacked, a hacker won't gain access to your other devices where more sensitive data is likely to be stored, such as the laptop you use to log in to your bank and investment accounts.

Use Strong Passwords

In many cases, smart device owners do not change the default passwords that come with the device.

It's very important never to use the default passwords provided by the factory.

Instead, use strong, complex passwords for each device and change them regularly. Karl Mattson, chief information security officer at City National Bank, recommends passwords of at least 12 characters or longer. Combine words, numbers and symbols to make unique, lengthy password phrases—and don't use the same password on multiple devices.

Disable Unused Capabilities

Your connected home devices likely offer a number of capabilities that you'll never use, so take the time to disable those applications. For instance, if you'll never use remote access for your smart refrigerator, disable that capability. It's unnecessary to keep connections open that you don't need.

Secure Mobile Devices

If you're using your smartphone or tablet to manage your smart security system or other home devices, make sure you've downloaded the most recent updates. The most secure mobile devices regularly release patches and updates to attack the latest threats, but your device won't be protected if you haven't downloaded those updates, Mattson said.

Thank you for subscribing!
Error. This is not a valid email address. Please try again.
Error. Please make sure all fields are properly filled out and try again.
Get Insights Sent to Your Inbox

This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.