• Dave

When Smart Homes Turn Evil

You got all these fancy smart devices in your home to make life easier... now ask yourself, do you know exactly what they're doing when you're home? How about when you're not? Is it possible that your house may seem smart but is actually kinda stupid and leaving you exposed to malicious / nefarious activities? Will your house turn all Amityville on you? In today's post we'll point out a few best practices and thoughts for "smart" devices:


  • They've made a few upgrades since your time...

  • We're not gonna make it... Humans, I mean...

  • Jeepers Creepers...

  • I have a very particular set of skills...

  • The top of the primordial ecosystem...

  • No one can be told... you'll have to see it for yourself...

  • Whatcha gonna do when they come for you...

  • You don't need to forge a silver bullet...


Generally, a "smart device" is something that connects to a network, generally the Internet, via Wi-Fi, Bluetooth, or other signal for reporting, management, awareness, and other purposes... hopefully not evil. These are often referred to, related to, or called "Internet of Things" (IoT) devices. Common examples include; cameras, doorbells, alarms, thermostats, refrigerators, microwaves, electrical outlets (plugs), lighting, door locks, etc. etc..


Not sure when we got to the point of needing a microwave that tells your mobile phone when the popcorn is done... how big is your house anyways that you can't hear a dinger. Or how that a little two-inch piece of alloy called a key got too cumbersome to carry around in person or pocket. How about refrigerators that tell you to buy milk... really... is this what humans have devolved into... machines taking over. Anyways, you can probably tell I'm slightly biased (against) so-called "smart" devices, but that's just my humble personal opinion. Funny, being a lifelong technologist with a background in Computer Science, everybody thinks my house is ran by HAL 9000, but it's probably the least "evolved" house on the block. I'll try not to harp on human laziness, but stick to helpful thoughts instead, so lets finish with this thought... did we make devices because we're lazy or did the devices make us lazy... hmmm.


Your home could be a creeper. Why, your smart device(s) are possibly tracking you. Unless you locked down the app tied to the device, the app most certainly is... everywhere you go. See my previous post on apps for some best practices. Additionally, have you thought about the possibility your smart speakers and cameras know when you're home (or not), which room you are in, and generally what you're doing, all through your movements. Tracking sound via microphones or motion via cameras is not just Jason Bourne stuff. Additionally, many devices have motion sensors to detect proximity, and even if they don't have such sensors, Wi-Fi in itself is a sensor and can be used to build a map of your home and track you in it. Cool, but scary from a privacy standpoint. Do you think it's being uploaded to the Internet and shared to advertisers and others, which could make it even more open to malicious activity? Well if connected, yeah likely. Then it just becomes a question whether you care or not... as everyone's own life situation is quite different.


I have certain skills, and as an mature (physically anyway) adult male my sitchy is much different than a single young lady living alone with no such skills who's concerned about both live & virtual creepers. Even for the stupid-home crowd like me, sometimes the trade-off of having a smart device is worth it. I know my alarm is tracking all my household movements... why... because it's disclosed in their policies. So, for Me personally, the benefit of an alarm is worth the privacy (i.e. virtual creeper) trade off. But the alarm is about as far as I go in being "smart". Regardless of whether devices and/or apps are tracking you... the next question is if they are communicating with each other. Quite possibly, as it's common for devices to create peer-to-peer (P2P) networks and talk to each other, especially those in the same device family. What they heck are they saying? Are they trying to make life easier for you? Or, are they trying to determine if your name is John Connor and planning the apocalypse. Companies now are even working on building P2P communication into new vehicles... what could go wrong? Plus, I don't want my little car being talked down to by some fancy-pants Tesla, BMW, Mercedes, etc. that thinks they're morally superior having cost more. No thanks... my little introverted car is happy by itself!


I've posted about Wi-Fi previously, but lets touch on how it relates to your smart home. While some devices can or will use your mobile device as an Internet proxy... connecting to your mobile device via Bluetooth... then to the Internet through that device, generally the hub of all smart device activity is your home Internet router. So, have you secured your router with a unique, complex, and secure password? The answer should be yes. Is your router capable of handling all your devices without compromising quality? Hmmm... do you want the lazy Masters Degreed but still unemployed millennial adult man-child still living at home complaining about not having enough bandwidth for his gaming? Probably not. These days it's not difficult to have 25-50+ Wi-Fi devices on your home network, all fighting for signal. If you're router can handle it, fantastic. However, even if it can, remember that signal congestion degrades your entire network causing lag... making the millennial man-child upset as he loses his FPS match because of latency issues. The reality is every active device added, slows things down... just like adding cars to a road. Lastly, is your router up to date with the latest security / software / firmware updates recommended by the vendor? Not having a secure router is a common way for some punk ass teenage hacker from some country whose name you can't pronounce take over your entire home network, essentially owning you. Don't get pwned!


Ok, router secure... check, now how about all your (individual) smart devices? Each device should have a different, unique, and strong password. The corresponding app should also have a unique and strong account password. Also, both device and app should have multifactor authentication enabled if available. Like your router, are the individual devices and corresponding apps up to date per the vendor's recommendations? So, what about smart devices where you are not using "smart" functionality? Well, be sure to disable all signals and turn off capabilities you do not need or want. Be aware that even if you don't specifically enable smart functions, it's possible some devices could connect to an open Wi-Fi connection and begin a conversation with their respective mothership. So, lock your devices down, know how to disable signals when not needed or wanted. Also, don't forget what I noted in my security camera post about device placement... you don't want cameras seeing things they shouldn't, or smart speakers listening where not wanted. Always have a plan that balances good security practices with your individual lifestyle and needs.


Now that I probably got you paranoid... sorry... what can happen? Well, as a individual home you're a small fish in a very big pond, so if you have everything "toight like a tiger", exercising best practices, then odds are in your favor. Otherwise, it gets kinda scary. Hackers can turn up the heat in your smart thermostat and send whatever they want you to hear, which is not generally pleasant, through your smart speakers. Yeah, it happens. How about someone watching you through your cameras. Yeah, that happens too. Again, everyone hopes they're not a target, but sometimes you'd never know. What about smart locks. What happens when they fail, battery dies, or get hacked? Does it fail secure... locking you in/out, or fail safe... letting everyone in. Does it allow for a backup physical key... you know that little pesky metal thingee? Can it be opened remotely by the vendor, landlord, law enforcement, or someone else maybe you don't want in without an order, warrant, etc.. These thoughts can be especially important for renters to understand, and ensure their rights are clearly outlined and understood.


So, consider whether or not the "smartness" of a device is needed or wanted. Do you really need a smart hot water heater? Or, should it just provide hot water when you turn on the faucet. Do you need a smart dog treat device? Or, should you have a family member actually stop by and play with it... the dog would respond "woof-human-yes-please". Most of this smart device stuff is about economics, as these devices are generally more expensive and lead to peripheral revenue opportunities such as with subscriptions, native advertisements, and fees for selling your data. Contrary to popular belief, most companies don't care about you, only the dollars going into their pockets. But, as I've mentioned before some work harder to ensure the dollars continue to flow, so diligence should be placed on the manufacturer / vendor. Buying reputable products from reputable sources which have a record of public trust & disclosure is always a solid starting point... never a silver bullet, but a good start nonetheless.


So, what does all this mean. Enjoy smart devices with some diligence, a small degree of paranoia, and cautious optimism. Make sure you control the tech... the tech shouldn't control you.


Always feel free to e-mail me comments. You can find my info on the "Team" Page.


DISCLAIMER: I'm just a guy who's been around tech and knows some stuff. I always remind others that what I say is purely FWIW, IMO, FFT, FYI, and many other acronyms... so while I strive to convey quality deets... you get no promises on accuracy or validity. I'm sure a lawyer would say; information not guaranteed, actual results may vary, and use at your own risk.


Cheers!


Dave - IT/BA, Stocker & Watts, Inc.


Real Estate Reinvented | Sacramento CA


31 views

Recent Posts

See All