It may be cool to have appliances and other parts of your home connected to the internet, but there is the downside of security vulnerabilities to deal with.

Share story

Modern homes are getting internet-connected light bulbs, thermostats, TVs and speakers. So with a simple voice command or the touch of a button on our smartphones, we can set the temperature, turn on a light or prepare the TV to record a program.

What could go wrong?

A lot more than most people are prepared for, it turns out. If one of these devices gets hijacked, hackers could potentially snoop around for sensitive data like financial or health information. Or they could use a network of compromised devices to perform a widespread attack that takes down major websites, which is what happened in October.

“There’s still this whole sort of, ‘Gee whiz, it’s so cool’ thing that’s going on” with internet-connected home appliances, said Lee Tien, a lawyer for the Electronic Frontier Foundationa nonprofit that focuses on digital rights. “That’s also what often gets us into trouble.”

So it behooves us to get ahead of the curve by securing our home appliances, using these tips from security experts who have closely studied smart home accessories.

Research before buying: When shopping for an internet-connected home device like a smart speaker, lighting system or television set, a good rule of thumb is to go with a trusted brand.

Larger, well-regarded companies like Amazon.com or Google have a background in developing products with security in mind, said Liviu Arsene, an analyst for Bitdefender, which sells security hardware for protecting smart home accessories. Before buying a product, consumers should do a web search on it to see if the company regularly issues software updates that fix security vulnerabilities, he said.

People should also carefully read company privacy policies. David Britton, a vice president in the fraud and identity department of Experian, the credit-reporting agency, said people should be curious about whether companies themselves were a threat to user privacy.

“What are they capturing about you?” he said. “Is the data leaving the device? Is it being sent back to the mothership?”

Amazon said its Alexa smart assistant, used in its Echo speakers, automatically downloads software updates to defend against new security threats. Data from the Echo is also uploaded to Amazon’s servers only after people utter the wake word “Alexa,” the company said. That minimizes the likelihood that the device will record conversations unrelated to requests intended for Alexa.

Google said its Home speaker similarly issued regular software updates and employed advanced security features, like a technique that disables the device if its software is tampered with. The company added that the speaker processed speech only after the words “OK Google” or “Hey Google” were detected.

Strengthen Wi-Fi security: Your Wi-Fi network is the pulse of your smart home, making it a vulnerable attack point. Britton and Arsene suggest connecting all your smart home accessories onto a Wi-Fi network separate from the one connected to your computing devices, like your smartphone, tablet and computer.

With two distinct Wi-Fi networks, it will be harder for a hacker to jump from infiltrating your smart accessory on one network to a personal computer on the other network, Arsene said.

The easiest way to create a second Wi-Fi network is to make a guest network. Many modern Wi-Fi routers, like TP-Link’s Archer C7, include the ability to host a network for guests that uses a name and password different from that of your primary network.

Beef up passwords: The same security principles for websites apply to the so-called Internet of Things. You should set strong, unique passwords for logging in to each device you own. If you recycle your passwords and one device is compromised, the others can be, too.

A strong password can be a random string of characters or a nonsensical phrase with numbers and special characters.

If you cannot memorize your passwords, that is a good thing: That means they are hard for hackers to crack. Keep them written down on a piece of paper and stored in a safe place, or store your passwords in a password-managing app like 1Password or LastPass.

Audit for updates: While reputable manufacturers of smart-home accessories offer software updates to patch security vulnerabilities, it is often up to the consumer to stay on top of them. Because it lacks a screen, a smart light bulb or an internet-connected power socket is going to have a tough time informing you that it needs a software update.

Britton and Arsene recommend that consumers regularly log in to the mobile apps or websites for their smart home accessories to check if they need software updates. If updates are available, install them immediately.

Hit mute: Among security researchers, putting a piece of tape over a computer webcam has become a tongue-in-cheek recommendation for those who are extra paranoid about their privacy. (Even Mark Zuckerberg, Facebook’s chief executive, does it.)

With smart speakers like the Amazon Echo and Google Home, there is an equivalent: a mute button to disable the device microphone so it can no longer listen. In the unlikely event that a device is hijacked, muting the microphone could help prevent hackers from listening to your conversations, Britton said.