Smart Homes, Smarter Consumers

Today, the phrase “internet of things” or simply the acronym “IoT” is commonplace. There are currently more than 13 billion interconnected devices (digital and electronic) globally and the path toward broader connection between various aspects of daily life is paved with everything from smart phones and tablets to smart appliances and security cameras.1 According to the Consumer Technology Association, 15% of households already own smart home devices and that number is growing.2 However, as devices get smarter and homes grow more connected than ever before, the risk of cyberattacks is also rising.

The companies who design and manufacture the smart devices of tomorrow must stay ahead of these threats by focusing on security with every product, but this responsibility is not one sided. Users of these connected device must remain savvy, aware, and willing to take necessary precautions to keep their networks and devices safe. Intelligent assistants (e.g. Alexa and Siri), smart appliances, HVAC controls, lighting, speakers and the various other gadgets that make a home “smart” are convenient and exciting to use, but it’s important to understand the related cybersecurity risks even when they may not be as flashy as some of the fancy features. With that, it’s also good to know what the industry is doing to keep consumers safe.

Read the Manual, Know the Product

With new devices pouring into the market, it’s easy to get caught up in product releases. That often means buying a product and putting it to use as quickly as possible, but that can be a mistake. Before buying a smart/connected device, research your options and get to know the company. After you’ve made your purchase, spend time reading the manual, familiarizing yourself with the device and understanding its security features. If the device requires a password for administrative access or daily use, be sure to set a secure password. Passwords are your first line of defense against a cyberattack. As these devices often use your Wi-Fi network, setting a strong password for network access is equally as important. But administrative actions don’t stop with passwords.

These devices require software to operate and, as bugs are discovered or vulnerabilities surface, manufacturers will typically update the software. When your device recommends a software update, it’s best to complete it as soon as possible. These updates often help strengthen security.

Always Monitor Access

Anyone with access to the system can change settings, operate devices or, if their intent is malicious, cause problems. By limiting who has access – from friends and family to third party applications that may request access for a given purpose – you can limit your exposure to unwanted use. In other words: keep your password a secret.

Understand the industry

Though the number of attacks reported on smart home systems is relatively low, studies have found numerous vulnerabilities. From poor low-energy security to a lack of general security protocols, hacking events sponsored by the University of Michigan, MIT, and DEF CON 24 have found security flaws in smart home automation systems, baby monitors, lighting systems, and more.

To help safeguard the industry, the U.S. government has been involved in connected-device security efforts since 2013. In November of 2016, the U.S. Department of Homeland Security (DHS) released, “Strategic Principles for Securing the Internet of Things,” a guidance document aimed at those who “design, manufacture and use Internet-connected systems and devices.” This document outlines six principals — including “Incorporate security at the design phase” and “Prioritize security measures according to potential impact” – that are intended to foster the creation of more secure products.

As a global leader in product safety, UL is also working to help keep everything as safe as possible. With UL’s Cybersecurity Assurance Program (UL CAP), they work to help manufacturers minimize the vulnerability of smart home systems and devices. Through a series of UL requirements that provide criteria for assessing cyber vulnerabilities, UL CAP complements the DHS guidance in its effort to work toward a safer world.

Ultimately, the combined efforts of consumers, designers, manufacturers, government bodies, and independent safety organizations like UL can lead to a safe, secure network of connected devices. However, with technology advancing as quickly as it is, working together now is the best way to make that happen.