From smart thermostats like the Nest to always-on security cameras, every year we add more appliances and gadgets to our homes that connect to the internet. Some offer great features like remote monitoring, others use data to help you optimize your home and save money. Even so, anything connected to the internet is at risk of being hacked. Here’s how to keep all of that new gear safe.
You may not think about it, but constantly-connected devices like thermostats, NAS devices, TVs, kitchen appliances, and home automation systems pass data to and from the internet all the time. We call all of these gadgets the “internet of things,” but like other internet-connected devices, they’re vulnerable to the rest of the world. That means you need to take a few precautions before you set them up.
Never Connect Your Appliances to the Internet Without a Firewall
Most of us have a router at home that acts as a firewall by performing network address translation (NAT). In simple terms, the router sends traffic that’s meant for a device to that device, and drops traffic that’s either unexpected, unwanted, or specifically malicious. Most of us would never imagine connecting our computers directly to the internet without the protection of our routers, or at least with some kind of firewall in place to block malicious traffic and port scans. There’s no reason you should assume that the tiny computer in your new appliance is any different. It may not store sensitive or personal information, but if it’s also on your home network, there’s no reason not to keep it behind your home router or firewall.
Some devices, like IP security cameras, try to make setup easy by suggesting you expose them to the internet. They generally rely on password protection and self-contained web pages to stay secure. Unfortunately, we’ve learned that’s far from reliable. With those devices, you should definitely use strong passwords, but you should still keep them locked down and behind a firewall, preferably with port forwarding configured so you can access them externally if you need to, and they can call home when they have to.
Check for Firmware and Security Updates, and Do It Regularly
The first thing you should do when you unpack and plug in that new internet-connected appliance is check for firmware updates. Much like any peripheral, the odds that it was sitting in a box on the shelf with the most recent version of its software is pretty low. There’s likely been an update that offers security updates and feature improvements—and may even contain some critical patches necessary to use it safely online. Head over to the manufacturer’s web site and look around for instructions to connect and update your device. Even if there are no updates, at least you’ll know how to do it, and you can check back regularly to see when a security update has been posted.
When we talked about the severity of bugs like Shellshock and Heartbleed, one of the big problems we uncovered was that many internet-connected devices are never monitored or updated. They may be “embedded” systems that perform specific functions (and no one checks on them until they break) or they may be in devices people just don’t realize are connected. Learning how to regularly check for updates—even if your device doesn’t do it for you—will keep your investment secure and at its peak performance.
Consider Rolling Your Own VPN for Remote Access
A VPN, or virtual private network, gives you the ability to securely connect to your home network from afar. We’ve talked about how VPNs work before, and while they encrypt the information going to and from your devices, you can also use one to create a private connection between you and a trusted network (in this case, your home network) so you can check up on the security cameras, turn the thermostat up or down, or grab files off of your NAS without worrying that the rest of the internet can do the same thing. This way you can open your appliances up to your home network and not the Internet at large, but still access them from anywhere by logging in to your home network through your VPN.
You can use premium VPN services like some of our favorites to get the job done here, or you can roll your own VPN with a Raspberry Pi and OpenVPN, or just use OpenVPN on your home router, NAS, or even an old computer you may have lying around the house. Whatever your tool of choice may be, you can use a VPN to keep your connected devices secure, behind your home firewall, and only accessible from the outside when you connect back to your home network. You’ll still have to set up port forwarding if those devices need the internet for their own purposes, like updates or feature improvements. However, if it’s just remote access you need, a VPN is a great way to control who can connect in and when. Then you can supervise those devices when they need to call out manually.
Secure Your Home Network
Of course, keeping all of those devices behind a firewall or behind your router will only help if your home network is secure. Take some time to get to know how your home network, set it up properly, and make sure your router’s security settings are up to par. If your home network is poorly configured, the devices you’re trying to shield from the rest of the internet don’t have much protection. There’s even some benefit to making a network map and tapping your network if you really want to explore how these devices communicate.
Beyond making sure your router’s password is unique and strong, your firmware is up to date, make sure your router is using strong Wi-Fi encryption (preferably WPA or WPA2, with WPS disabled) and your router’s administration page is not accessible to the Internet. You’ll also want to make sure all of your other devices are protected by your router or some other firewall—one point of entry to your network can expose all of your other networked devices. Finally, make sure you’re running solid, updated antivirus and anti-malware utilities on your computers.
Finally, it’s important to remember that the weakest link in the security chain is always the end user. That means you. If you don’t take the time to educate yourself on how to protect your data and your devices, you’ll leave holes in your home network that can lead to identity theft, fraud, or malicious users using your devices for their own purposes. That could mean your PC becomes a zombie in a DDOS attack or an unwitting member of a Bitcoin mining operation, your IP camera is plastered across the internet for everyone to see, or your thermostat becomes the subject of script kiddies looking to prank someone. A few resources worth checking out:
- The FCC’s guide to protecting your home network
- US-CERT’s Home Network Security Guide
- The National Cyber Security Alliance’s guide to Securing Your Network
- Our Know Your Network Night School
Either way, whether the consequences are severe or just annoying, a little forethought and a little education goes along way to making sure all of your new internet connected appliances—and your old ones, like PCs and gaming consoles—all get along and work the way you want them to.