12 Tips for Securing Your Smart Home Devices

Securing IoT devices protects you from network hacking, device hijacking, and data theft so you can enjoy the many benefits of smart home devices without worry.

Smart home devices are part of the cloud-connected world called the Internet of Things (IoT). Nearly half of homes in the U.S. enjoy the convenience of smart speakers, smart TVs, smart door locks, and video doorbells. But with the rise of internet-connected home tech, the challenges of securing IoT devices are increasing. Can hackers listen in and steal data from Alexa speakers, take control of smart security systems, and tap into other devices on your home network?

The short answer is yes. Hackers can potentially gain access to your smart home devices and the data they store. However, securing IoT devices isn’t difficult once you know where security holes exist. In this article, we’ll explore how smart devices introduce vulnerabilities to your home and what you can do to prevent hacking and data collection.

In this article
Alexa, how secure is my smart home?
Smart home device hijacking
Geotracking personal movements
How smart devices boost home security
12 ways to secure IoT devices
1. Change factory default passwords
2. Use strong and unique passwords
3. Lock down your home Wi-Fi network
4. Use a separate Wi-Fi network for IoT devices
5. Update device and network firmware
6. Use a Virtual Private Network (VPN)
7. Set privacy and data rules on IoT devices
8. Use two-factor authentication on smart device apps
9. Set up voice recognition
10. Disable or require passwords for audio purchases
11. Mute or disable audio and video features
12. Disable geolocation unless required
Other tips for securing IoT devices
FAQs
Bottom line

Alexa, how secure is my smart home?

Alexa: Hmm… That depends.

Anything connected to the internet poses a security vulnerability in your home, and smart home devices bring cybersecurity worries to your doorstep — quite literally. From internet-connected smart door locks and appliances to robot vacuums, nanny cams, and microphone-enabled smart speakers, our homes are filled with products that can track and record our every move. It seems the quest for connected convenience makes us more vulnerable with every device we add to our home network.

Here are a few ways that smart device hacking threatens cybersecurity at home.

Hacking for data collection

Hackers look for vulnerable IoT devices and home networking equipment to tap into stored personal data on computers and other connected smart devices. Once in, hackers can install malware and access personal information and payment data stored in the device software or controller apps. They also exploit security holes in your home’s network to breach other devices for data collection.

Smart home device hijacking

Unsecured IoT devices are also vulnerable to hijacking, a form of hacking where cybercriminals disable or take control of smart home devices and systems. Security systems and smart door locks are particular concerns since this type of hacking crosses into personal safety, not just data security.

Smart device hijacking attacks include:

  • Device setting resets: Hackers test common factory default logins using programs that scan networks and smart devices. When they strike gold, they reset passwords to take control of IoT devices including garage and front door locks, security systems, smart speakers, and video cameras.
  • Deauthentication: This form of hacking uses Wi-Fi disruption devices to take smart home devices offline so you don’t get alerts and warnings. Smart security systems and video doorbells are primary targets of deauthentication by tech-enabled thieves looking to gain undetected access to your home.
  • Unauthorized activation: Once cybercriminals access your smart devices, they can install malware that controls video and audio features to spy on your family and record the happenings in your home. They also target garage or front door locks to gain access or control other devices for nefarious ends. Thieves even look for smart speakers placed near windows and test commands that unlock doors, turn on lights, and place orders for porch piracy.

Geotracking personal movements

Cybercriminals also attack home networks and IoT devices to access geotargeting features. Smartphones, tablets, and smart device apps are primary targets of tracking hacks. Hackers use these intrusions to see where you’re located, track your usual movements, and know when you’re away from home. This is another vulnerability that threatens both personal safety and home security.

How smart devices boost home security

Now, don’t toss your smart devices in the trash just yet. Despite these potential hacking threats, there’s no question that smart home devices dramatically improve home security and safety. Once your home network and smart devices are protected from cyber thieves, you can enjoy the convenience and peace of mind that smart home devices are designed to deliver.

For example, smart security systems deliver instant status updates, smart locks pair remote convenience with intrusion detection, and video-enabled devices provide visual drop-ins when you’re away from home.

You can also layer home protection using smart speaker security features, such as the free Alexa Guard skill and similar apps on Google Home and other brands. These activate the microphone and video features when you leave and alert you to movements in the home and sounds such as glass breaking.

12 ways to secure IoT devices

Tackling the challenges of securing IoT devices and your home network isn’t difficult and, surprisingly, requires no tech expertise. If you’re able to install smart home devices, you have the skills to secure them.

Here’s how to lock down your smart home network and secure the IoT devices connected to it.

1. Change factory default passwords

Factory default settings on modems, routers, and connected smart devices are a one-stop shop for hackers. This is the first place they look when trying to break into network equipment and IoT devices. If you haven’t already, change the factory passwords for everything connected to your home network, including any smart device control apps.

2. Use strong and unique passwords

Weak and predictable passwords are another easy “in” for hackers. Strong passwords are at least eight characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. Create unique passwords for every device and avoid using repeated patterns, common phrases such as "password," or personal information like a birthdate or address.

3. Lock down your home Wi-Fi network

If not secured, home Wi-Fi networks give hackers access to computers, smartphones, and all connected smart home devices. After changing the default password, change these Wi-Fi settings to help tighten your network security.

  • Use an unidentifiable SSID: The Service Set Identifier, or SSID, is the network name that appears when scanning available Wi-Fi networks. To protect your network and identity, don’t use your name or your address here. Use something hard to guess, or better yet, hide your SSID if your settings allow it.
  • Enable WPA2 or WPA3 encryption: WPA2 is the current encryption standard that protects data transmitted across a Wi-Fi network. Most Wi-Fi routers and mesh network devices support WPA2, and newer devices support WPA3, which is the next generation of Wi-Fi encryption.
  • Turn off Universal Plug-and-Play (UPnP): This quick-connect feature is built into most Wi-Fi routers and gives cybercriminals easy access to your network through a hacked device or unauthorized network connection. Using UPnP, hackers can attack network firewalls and install backdoors and malware to steal data from compromised computers and IoT devices.
  • Check Wi-Fi-connected devices: Check your Wi-Fi network connections to display the devices connected to the network and ensure that you recognize all of them.

4. Use a separate Wi-Fi network for IoT devices

Wi-Fi routers and mesh networks typically have preset Main and Guest networks, and most let you set up additional networks as well. Stacking devices on one network makes them all vulnerable if one is hacked. Instead, put data-critical devices such as computers and security systems on their own networks and group smart speakers, smart TVs, and IoT appliances on a separate network.

5. Update device and network firmware

Keeping device and network software, firmware, and controller apps updated ensures you have the latest patches for known vulnerabilities. If possible, set devices and apps to update automatically or notify you to manually install updates upon release.

6. Use a virtual private network (VPN)

Installing a VPN on your Wi-Fi router adds an additional layer of encryption security to the data transmitted by IoT devices. A VPN encrypts data transmissions across the internet, not just along your Wi-Fi network. This makes your data untraceable by hackers and helps prevent data breaches and malware attacks.

7. Set privacy and data rules on IoT devices

Thanks to new privacy rules, such as the California data privacy law, consumers have more say on what data is collected and how it’s used than ever before. However, you still need to check and set the privacy and data storage settings on each device per your needs. Most IoT device control apps let you set data storage, tracking, and deletion rules in the privacy and security settings.

8. Use two-factor authentication on smart device apps

When available, enable two-factor authentication on the control apps for all smart devices. This adds an extra layer of security by requiring you to enter a code to access your device’s app-based controls, status, and settings. For added identity protection, enable two-factor authentication on email accounts and those that contain sensitive information, such as financial and healthcare apps.

9. Set up voice recognition

Voice recognition prevents strangers and unauthorized users from activating Alexa, Siri, and Google Home speakers, as well as other voice-enabled devices. Set up voice recognition for all occupants of the home and adjust device settings to restrict commands to only recognized voices.

10. Disable or require passwords for audio purchases

Turn off the audio purchase feature on smart speakers and hubs or require a password to complete a purchase. This protects your shopping accounts from unauthorized purchases by other occupants in the home, such as roommates or their friends.

It also protects you from a sophisticated form of porch piracy. These creative thieves look for smart speakers and hub devices near a window and make purchases then steal packages from your porch.

11. Mute or disable audio and video features

Mobile and smart devices have digital helpers that are always on and listening or observing, waiting to be activated. Yes, they record and store interactions unless you’ve disabled recordings in the device settings.

Amazon, Google Home, and other smart device brands state they access random recordings to improve voice-activated services. To protect your privacy, disable data recording features on mobile phones and IoT devices and physically mute devices when not in use.

12. Disable geolocation unless required

Geolocation powers everything from mobile mapping, targeted advertising, and group gaming to automation features on devices like smart door locks and security systems. However, it poses security risks if hackers gain access to your location data.

To protect yourself, disallow geolocation on social media accounts, browsers, and apps that don’t need it to function. For mapping apps and others that require geolocation to work, only allow it when the app is in use. Also, clear cookies on mobile browsers regularly protect online privacy and security and delete stored movements.

Other tips for securing IoT devices

The following are additional tips for keeping your IoT devices secure:

  • Keep smartphone software updated to protect smart device apps from hackers.
  • Require password, facial, or fingerprint access on smartphones to protect smart device apps.
  • Place smart speakers away from windows to prevent strangers from activating the device.
  • Only let primary users download and log into smart device controller apps.
  • Use a set of fake criteria for birthdate and other identifiers during app registration.
  • Only download recognized apps and skills on smart TVs and smart speakers.
  • Change guest passwords and codes on Wi-Fi and smart door locks when visitors leave.

FAQs


+

What is the Internet of Things (IoT)?

The internet of things, or IoT, refers to physical devices and objects that connect to the internet and are transforming the way we work, live, and play. Some IoT items are obvious, such as smartphones, tablets, and laptops.

Smart home devices that use the internet to provide added features and conveniences are the fastest-growing segment of the IoT. These include popular Alexa and Google Home speakers, smart security systems, door locks, thermostats, and all home appliances.


+

Can someone else control my smart speaker?

Yes, hackers, outsiders, and unauthorized users can control smart speakers. Hackers use factory default passwords and malicious code to send commands, drop into conversations, and steal personal and recorded data. Outsiders yell commands through windows to control connected devices such as door locks or install rogue skills. Unauthorized users such as roommates or visitors can place orders on your shopping account.

Protect against all of these smart speaker intrusions with strong passwords, voice recognition, and strict privacy settings.


+

Do smart devices listen to you?

Yes, smart devices are always listening, but not officially active and recording unless they hear the “wake word,” such as Alexa, Hey Siri, or Hey Google. Because of this always-listening status, voice-activated devices are targets for hackers intent on spying, eavesdropping, and stealing personal information via audio capture. Most smart speaker and smart device manufacturers state that they randomly access recordings to improve voice-activated features.

Bottom line

Smart home devices can certainly make daily life easier and more convenient and help boost home safety in many ways. But are smart homes safe? The answer to that question all depends on the steps a homeowner takes to secure their home network and connected devices. Default passwords, unsecured Wi-Fi routers, and outdated software are just a few of the many windows hackers use to gain access to home networks, vulnerable IoT devices, and the data they contain.

Securing IoT devices and network equipment with strong passwords, unique Wi-Fi networks, and encrypted Wi-Fi settings is something anyone can do, regardless of tech expertise. Start by securing your Wi-Fi network and creating strong, unique passwords for all network and IoT devices. Then work through the other tips listed above. Once secured, you’re ready to enjoy all of the benefits of your smart home without worry.

Author Details
Krista Fabregas is a seasoned online technology and business processes pro who loves helping others define and achieve their goals. Her business tech advice and how-to’s have been featured in Forbes, NerdWallet, CreditCards.com, and FitSmallBusiness.com.