Is Smart Home Security Easily Hacked in 2024? Here’s Everything You Should Know | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | #hacking | #aihp

Start researching smart home security topics on the internet, and you quickly run into articles on smart home hacking. It’s an unpleasant consideration: What if your new (and often expensive) smart home device gets hacked by a stranger? What could they do with it?

It’s easy to see how smart home hacking can be a hot-button topic or even a source of fearmongering for the sake of clicks. That’s led to a lot of “advice” articles and news stories that are neither clear nor honest about the risks of home security hacks and how they happen.

At CNET, we want to equip you with accurate, real-world information you can use to pick the best home security devices and keep your home safe. That also means understanding what smart home hacking really is, where it’s likely to come from and how you can protect your devices. The good news is that your smart home tech is probably safer than you think, but let’s take a deeper look.

How can smart home devices be hacked?

If burglars use the physical kind of brute force and black hat hackers are usually busy elsewhere, who exactly is trying to hack smart homes these days? Let’s narrow it down to common culprits.

• A relation or acquaintance: Lots of troublesome smart home “hacking” comes from relations, exes, estranged roommates and others that already know the smart device logins or otherwise had access. They use that previous access to spy or cause trouble on purpose. That’s a sign to update all login passwords and possibly file a police report.
• An untrustworthy company employee: Many home security data breaches come right from the company itself, usually in the form of an employee who’s snooping through camera feeds like this ADT technician. As with interference from past acquaintances, little real hacking is required and the objective is usually more malicious or pervy than monetary.
• Data thieves looking to sell: These thieves are trying to scoop up as much personal data as possible, anything from addresses to login info, so they can sell those lists in the shadier parts of the internet. This data can be passed along to others who may try to use this data for select hacking attempts or resell it. This is why it’s important to update your passwords when you’re notified of a security breach.

• Potential blackmailers: The story goes that persistent cybercriminals attempt to seize control of smart home cameras and then threaten to do something unless you pay them. They may try to lock you out of your security system or claim they have compromising video of you. This is something of an urban myth: In most cases, people spam lies about a hack and hope someone will fall for it.
• Foreign governments: Government-backed entities aren’t interested in spying on you personally, but they may want to collect as much information about other nations and their citizens’ behavior as possible. That can sometimes lead to hacking attempts or security backdoors: Fortunately, the FCC currently keeps a list of companies that are prohibited from selling security devices in the US because of this risk (other countries have similar lists), including Huawei, Dahua and ZTE. Check these lists before buying foreign home tech products.

How do you protect against potential home security hacks?

As you can see, while highly targeted attacks aren’t a concern, smart homes are subject to broader hacking attempts. Fortunately, the vast majority of these attacks fail quickly when they encounter basic security practices. You can adopt several great habits to help your home security right now:

1. Strong passwords: Long, complicated passwords for your smart device app accounts and especially your Wi-Fi router are your best move against botnets and online attackers. That doesn’t have to be a headache these days, especially if you enlist a good password manager that can generate a strong password and save it for you for quick access.
2. Two-factor authentication (TFA) when possible: Always enable TFA if it’s available on a device. We’re seeing more and more brands, like Ring and Blink, automatically use TFA to secure accounts during setup, which is a great step in the right direction.
3. Trusted brands with high-value encryption: Stick to trusted brands that use end-to-end encryption and similar measures to protect their devices and your data. Review security and privacy policies before making a final choice about a home security product. Arlo, for example, has healthy signs like penetration testing, third-party research, membership in the Connectivity Standards Alliance and details on their encryption practices.
4. Local storage: If you’re worried about wide-scale data theft, look for security devices that allow you to keep data off the cloud and company servers, including Lorex, Eufy and TP-Link Tapo cameras. On that note, consider keeping security cameras away from more private areas like your bedroom.
5. Updated smart devices: Keep your apps and firmware consistently updated to patch any problems. If you have a smart device that’s several years old or older, it may be time to consider replacing it with a new model that’s compatible with the latest protocols like Matter and Thread.
6. Security news vigilance: Pay attention to your smart home security brands and if they face any security breaches, vulnerabilities or data theft. Stick with high-quality products from companies with a good track record. We’ll keep you updated at CNET Home Security if we find any serious problems with brand security and if we recommend companies that have run into problems, like Wyze’s repeated security errors giving strangers a view into other homes.