No doubt you’ve read at least one story of a well-known smart home product being hacked. Whether it’s a security camera, video doorbell or smart speaker, some manufacturers simply aren’t prioritising privacy and security when designing these products.
Some are ludicrously easy to hack (for someone who knows what they’re doing) because the admin password is set to ‘admin’, while others have security vulnerabilities that never get patched.
As we install more and more smart devices in our homes, they become a bigger target for hackers. Obviously, it isn’t a big deal if someone hacks your smart lights or heating. Losing control is inconvenient at best.
There could be more serious consequences for indoor devices fitted with microphones and cameras, but what about a robot vacuum which maps your home? Is that sensitive information falling into the wrong hands?
What about if someone hacks your connected car and is able to gain control of the vehicle? Taking it to the extreme, lives could be at stake.
You can’t install antivirus software on an Amazon Echo or Nest Doorbell, but there’s no need to stop using those gadgets. There are some things you can do to help protect your smart home from hackers, and here are X tips which anyone can follow, even if you’re far from a tech or security expert.
1. Don’t reuse passwords
It’s tempting – and convenient – to use the same email address, username and password for multiple services. Don’t. If one of them is hacked and your login leaked, then it isn’t just that one service that can be abused: hackers now use any logins to attempt to log into all popular online services to see if they work.
If you can’t remember multiple passwords – and who can – then use a password manager such as LastPass or 1Password to remember them for you.
1. Use two-factor authentication
2FA isn’t available on all smart home accounts, but where it is, enable it. Yes, it’s less convenient to have to type in your password and then get a second code sent to your phone and have to enter that, but it is much more secure.
It means that even if your email address and password is hacked, criminals still cannot log into your Google Nest account, for example.
Smart home manufacturers which use two-step verification include: Amazon, Ring, Google, Nest, Microsoft, Sony (PlayStation).
2. Change the default password
When you first set up a device, you should be prompted to change the default password. This won’t always be the case, but for some devices, such as NAS drives, security cameras and others, they will use a standard username and password for access.
If you leave it at the manufacturer’s default, it’s relatively simple for anyone with a list of those default passwords to log in.
3. Disable remote access if you don’t use it
Most smart devices can be controlled wherever you are, not just at home. But if you don’t need remote access, look for an option to disable it.
This will make it significantly harder to access as someone would first have to hack your router or Wi-Fi to gain access to your home network, and that is extremely difficult.
4. Don’t use smart home kit over public Wi-FI
Free Wi-Fi is nice, but it’s inherently unsecure because there’s no encryption if you don’t have to enter a password to connect to the network.
This means a lot of data is sent as ‘plain text’ which is easily readable by anyone who knows what they’re doing and who is using the same free Wi-Fi. Poorly coded apps can, for example, send your password in plain text when it really should be encypted.
If you must use public Wi-Fi, then be sure to use a VPN such as NordVPN as this will encrypt all data going to and from the internet via that free Wi-Fi connection.
5. Keep devices up to date
The best smart home kit automatically updates itself whenever new software or firmware is available. But you can also check manually to make sure your devices are up to date.
The process will vary, but you’ll typically find an option to check for updates in the device’s companion app on your phone.
6. Use PIN or password on your phone, tablet and PC
The temptation is to go for convenience and not set up any password or PIN on devices you use at home. But this is very risky.
Windows 10 allows you to set a PIN once you’ve set up a password, and this makes it faster to log in. If your computer supports Windows Hello, set it up. This uses a fingerprint or face recognition to log you in even faster, and the same applies to practically all phones: they all have fingerprint scanners or face recognition.
Just watch out for basic face recognition that can be fooled by a photo of you: systems which use IR or 3D scanners are much more secure.
7. Buy from trusted companies
There are so many choices when it comes to smart home products, especially security cameras, but there is no way of knowing if the device you’re buying is actually secure or not.
As McAfee’s Raj Samani pointed out when I spoke to him recently, “When you’re looking for a tradesman to carry out some work for you, you have various ways to check if they’re reputable. There are numerous websites such as Checkatrade.com which allow you to read reviews of their work, and you can find out more about them from Companies House.”
“You cannot, however, check if the manufacturer of a smart home device has adopted secure coding practices. You can’t ask at a car dealership if you can check over a connected car’s software code. We have to make purchasing decisions based on opaque information. We have to trust the company.”
8. Get security on your router
Antivirus is essential on devices that can run it, and if you’re not using it then you should be. As much as anything, it’s everyone’s responsibility to run antivirus software to prevent the spread of malware, otherwise you’re facilitating it.
Here are our recommendations for the best antivirus software.
For devices which cannot run antivirus, you can protect them with software that runs on your router, or you can buy a dedicated router such as the Bitdefender Box 2 ( reviewed).
Routers such this and the D-Link DIR-2660 run McAfee security software, so protect all devices that connect to the internet through them, and usually also offer parental controls as a bonus.