How to Protect Your Smart Home Devices From Hackers

What if your car, home assistant, or baby monitor could share your information with someone else? Oh wait, they can. This article is about understanding and avoiding the privacy risks that accompany IoT devices.

Olga Sushko
Image of a BMW with eyes and a Google Home with an ear
Illustration: © IoT For All

Let’s face it: processing data is an integral part of the way IoT devices work. Some of the data they gather or generate can contain personal information. If you need help with navigation, you have to disclose where you are and where you want to go. If you want a smart home security system, you have to expose your home to that system—often whole raw video feeds.

It’s important to question where all that information goes both by design and when stolen or processed incorrectly. Let’s check out three scenarios so that we can understand how to mitigate the privacy risks of smart devices.

1. Connected Cars

Even such trusted brands as Jeep, Tesla, Volkswagen, Audi, and BMW have had software and network vulnerabilities. If intruders get access to the vehicle’s GPS data, for instance, they can plan a robbery when the car owner is away from home, intercept the vehicle along a known route, or blackmail them using vehicle data that might expose infidelity etc.

2. Home Assistants

A recent scandal with Google Nest Guard centered on the fact that this home security hub had a hidden microphone that the device’s spec sheet hadn’t mentioned. This goes to show that sometimes the user can’t even know exactly what forms of data are being gathered and how they’re being processed, and therefore, what risks are associated with their smart device. And even when the data gathering functions of a smart device are made clear, things can go wrong. For example, Amazon Alexa has, in the past, accidentally sent voice recordings to third parties.

3. Intimate Toys

Intimate life is one of the areas where privacy breaches can hurt the most. While smartphones have introduced numerous new risk surfaces to people’s intimate lives, smart adult (or intimate) toys bring many new risks. We-Vibe, a sex toy manufacturer, has already settled a $3.75 million dollar lawsuit for collecting user data irresponsibly via a companion app. Yet, many of the similar devices on the market are poorly protected, so future breaches may arise.

4. Baby Monitors

Parents would do anything to protect their babies, but sometimes modern baby monitoring devices can be used for harm. A number of cases on hacking smart baby monitors were reported. A stranger suddenly yelling at a child and its parents through the connected microphone is a truly frightening experience. And yelling at your baby through a baby monitor is probably just the beginning of what a hacker with bad intentions could do with access to a baby monitor.

So, Can You Protect Your Privacy in the Smart Device Era?

For those who aren’t ready to give up on smart devices, these four tips can help reduce your risk profile and give you some peace of mind.

1. Secure Your Home WiFi Network

This is the first thing to do: make sure your home WiFi router is protected and updated. It’s not that easy, but this guide is really helpful and the efforts are reasonable.

2. Change Default Passwords

When connecting smart devices, make sure you change a default login and password to something secure. The pre-installed options such as “admin/12345” are a huge security liability. Make sure to create unique and secure passwords for all smart device endpoints.

3. Disable Unneeded Features

Take a tour around the device’s settings and decide what should better be off. Tracking of your location, camera connection or remote control may be the features that you don’t need in a certain device. Probably, it’s better to disable them. Here is a guide on dealing with home assistants’ settings.

4. Delete Information if You’re Selling Your Device

If you’re selling or giving away your smart device, you better have cleared off your private data. For instance, be sure to reset your connected car systems to factory settings. Ensure all trip history and connected device authorizations are removed. Consider addressing a reliable professional to wipe all the data completely. If you’re selling a smart speaker or baby monitor, make sure that any on-device storage is completely wiped to factory settings before you send it off.

While the market of IoT devices is still taking shape, and it’s hard to define reliable vendors, you must consider privacy risks when purchasing, using, and/or selling smart devices. Be sure to read the product specifications, license agreements and watch the news to prepare yourself for unexpected outcomes.

Olga Sushko
Olga Sushko
Being a fan of tech innovations and new online services, I want to use them safely, and I want to help other people stay safe, too! This is why I'm digging deep into privacy and cybersecurity, particularly in relation to IoT.
Being a fan of tech innovations and new online services, I want to use them safely, and I want to help other people stay safe, too! This is why I'm digging deep into privacy and cybersecurity, particularly in relation to IoT.