Cyber security 101: How to keep your home devices from becoming spy tools

By Virginia K. Smith  | February 14, 2017 - 11:59AM

While smart devices such as Amazon's Alexa are making it easier by the day to turn our apartments into hyper-connected havens of digital convenience, having the entire cyber-universe at your beck and call has its downsides. As anyone who's ever placed a protective piece of tape over their computer's webcam can attest, a home filled with digital devices is also a home that's at greater risk for web attacks and personal data breaches.

Two incidents in particular have brought the issue to the forefront of late. First, there was the October East Coast internet outage that resulted from a coordinated attack on the company Dyn, in which home devices such as webcams and DVR players were infected with malware, and weaponized in such a way to flood Dyn's servers. (This is what's known as a "botnet" attack—Wired has an explainer here.)

The second, more recent incident came with the news that Smart TV company Vizio had tracked users' viewing data without their consent, then sold the information to third-party companies. So whether it's an issue of personal data security or having your devices turned into tools in a larger digital battle, 2017 is definitely the time to get your cyber security on lock. Below, simple tips to significantly step up your apartmen'ts cyber security—consider it the digital equivalent of a deadbolt:

Which devices to be careful with

Unfortunately, the answer here is pretty much "all of them." Specifically, any device that you connect to your apartment's wifi could potentially become a security risk. "Usually, anything that can be connected to the internet is what we classify as a 'connected device'," explains Jessica Smith, Vice President of Digital Forensics at security firm Stroz Friedberg. "That would be the first point to think about: 'What devices do I have around my house that are connected to the internet? What devices have I had to connect to my wifi'?"

Besides your smartphone and computer, this means tablets, smart TVs, digital butlers such as Alexa, smart appliances (such as refrigerators and air-conditioners), even baby monitors and security cameras. "Cameras are notorious for opening automatically," notes Joe Caruso, CTO of Digital Forensics at Evestigate. 

In particular, though, you should view your wireless router as your first line of defense. "Even when you're not using it, a hacker can tell the router to open certain ports, and then once those are open, an attacker can access those ports remotely and view your cameras," says Caruso. "Or they could use it to set up software that will allow the device to become part of a botnet that will attack other devices." (The latter is what happened to Dyn during October's internet outage.)

"There are sort of two different avenues you want to consider—the first is security, and the second is privacy," says Smith. "Security would be, if the devices are hacked, what is the security risk to you, and to other people." For instance, a hacker using your security camera footage to plan a home robbery, or a hacker utilizing your smart devices as part of a larger-scale attack on a third party. 

"From a privacy perspective, the question is what sort of information are these devices compiling about me and my activity, and who it's being shared with," says Smith. 

How to protect yourself

Though the level of risk out there can seem daunting (and as this Quora thread demonstrates, difficult to discern once it's actually invaded your devices), a few relatively straightforward solutions can make a world of difference. "Ninety-nine percent of hacks that happen are not sophisticated 'super hackers'," says Caruso. "They're kids that are looking for credit card numbers or some kind of financial gain, and they're going to take the low-hanging fruit." Meaning, then, that even a small amount of added difficulty getting into your networks will likely deter most of them onto the next target. Some steps to consider:

  • SET UP STRONGER PASSWORDS. This might sound like a no-brainer, but you'd be surprised. "What happens most often, and one of the simplest tips I come back to, is that people don't change the default security password on a connected device or router," says Smith. "They'll leave it on whatever it is when it comes out of the box." So for starters, make sure everything has been set up with a new password. And from there, make sure everything has a unique password. "Try not to use the same password for various devices," adds Smith. If the idea of keeping track of dozens of passwords seems daunting, you might want to consider paying for a password manager to keep track of them. (Wirecutter has recommendations here, starting at $12/year.) And for your most sensitive accounts, Smith recommends not putting the entire password into your manager tool, but rather using part of it, or something that will remind you of what the password is. "Too much security is better than not enough security," she adds. "And a password manager is definitely safer than writing all of them down."
  • READ THE FINE PRINT. While no one wants to slog through the elaborate terms of service that come with most devices and digital accounts these days, it can be worth it to see what you're really signing up for. "One of the most important things with privacy is to understand what the manufacturer is doing with your data," says Smith. As Caruso points out, Apple, Google, and Facebook all note in their terms of use that they'll send users cookies and use internet tracking to try to sell you things, all of which most of us agree to without checking the details."You can also do general online research to see if there's been security research or testing of that category devices, or insight into what that manufacturer is sharing with regards to user activity, and how security is integrated into its design," says Smith. A second, simpler step is to check into the advanced settings of an account or device—often, you may be able to improve your privacy settings, or opt out of features that allow the manufacturer to share your data. Wired found that both Amazon Alexa and Google Home have "mute" buttons that will stop automatic recording, for instance, while SelectAll has an overview of the privacy issues facing various brands of smart TVs. Anecdotally, if you Google security issues or settings for just about any site or device, you'll find extensive research that other users have done before you.
  • RUN REGULAR SYSTEM UPDATES. If you find yourself hitting "remind me tomorrow" for months at a time whenever you start getting notifications about the latest iOS upgrade, you're not alone. However, you're also not fully protecting yourself. Oftentimes, system updates include improved security, or fixes for previous bugs in the system, and by opting out, you're sticking with the weaker version. What many of us also overlook is that routers themselves can have updates as well, which also serve to bolster security. While you can manually check for firmware updates on just about any wireless router (for instance, Netgear has a step-by-step guide here) Caruso recommends springing for an Apple or Google router (which tend to run between $100 and $200), as they run automatic updates and generally offer improved network security. "You're better off spending the extra money on something that's going to protect your network and will update automatically and protect you," he adds.
  • SET UP A GUEST WIRELESS NETWORK. For a slightly more advanced-level move, Caruso recommends setting up a "guest" wireless network in addition to your primary one. This is useful for actual guests, yes, but also for all your new devices. "It's better to separate your computers and things you enter personal information into from your other 'connected' devices such as televisions or refrigerators," says Caruso. This way, if a hacker does gain access to one of these devices, they'll still be on a separate network from the one you're using for your computer—and therefore, unable to access that device, and any information you have on it. "If someone happens to hack into your smart TV or Xbox, they can't also hack into your computer," says Caruso. (Gizmodo has a guide to the network splitting process here.) It may sound like a lot of work, by Caruso notes, "If you take the time to buy a good router, divide up your networks, and make sure devices stay updated, you can really stay pretty secure."


Brick Underground articles occasionally include the expertise of, or information about, advertising partners when relevant to the story. We will never promote an advertiser's product without making the relationship clear to our readers.