Tech Matters: A smart home isn't necessarily a secure home

Wednesday , October 05, 2016 - 5:00 AM2 comments


Smart lightbulbs, DVRs, routers and webcams are just the start of a very long list of devices that can be used by hackers as tools for digital attacks.

Just last week, hackers used an army of security cameras and video recorders to bring down a number of websites, including French web hosting provider OVH and a well known U.S.-based security blog called Krebs on Security.

Analysts warned that this is only the tip of the iceberg.

There are tens of millions of Internet-connected devices in homes around the world and the number will grow exponentially as people add them in pursuit of their own smart home. The idea of controlling your thermostat or seeing who is at your front door from the convenience of your phone is indeed appealing, but there’s always a risk associated with anything that’s connected to the internet.

You can think of the internet as similar to having a seldom used, out-of-the-way door in your house. You may keep it locked, but it wouldn’t be all that difficult for an intruder to break in unseen. And that’s the trouble with smart home devices.

From smart TVs to smart refrigerators, these devices are designed to be remote controlled over the internet, said a security chief at network operator Akamai Technologies Inc., one of the companies that was deluged by the bogus web traffic. “They’re also never going to be updated.” 

The recent attack saw traffic spikes of up to 700 gigabits a second, which is like 140,000 HD movies streaming at the same time and set a new record. It is estimated 1 million devices were hijacked for the attack.

If you were the owner of one of the compromised gadgets, you would likely never know your DVR had been used by criminals. Your device would be infected with malware that would allow it to be controlled from a remote location and become part of a botnet. A botnet is a collection of compromised devices, each of which is known as a bot. Usually there is code in the malware that commands the device to become part of a certain botnet. The botmaster controls the botnet and can then initiate rapid requests to websites. The sudden surge in data requests overloads the server and the website goes down.

This type of attack is called distributed denial of service (or DDoS), and is nothing new. Computers have long been compromised for such activities and that’s why it is important to use strong passwords and keep your system up to date.

What is new is the huge range of devices that can now be used for DDoS attacks. And these ancillary devices often are not as well protected as computers. So what can you do to protect them?

First, like with your computer, keep your internet-connected device systems up to date. That means updating the firmware, especially if your machines are several years old. Most newer units offer an automatic update option -- opt in.

Always change the password that comes with a device. Hackers often take advantage of default user names like “admin” and try thousands of passwords to break into a network. Use long passwords and those that can’t be easily guessed or associated with any of your personal information. And use a different password for each device, one that you have not used before.

Keep a record of your passwords. Frankly, tucked away in a notebook is the easiest and most secure method under normal conditions. If some of your devices do not update automatically, set yourself a reminder every one to three months, get out your list and check for updates. It’s also a good idea to change your passwords on a regular basis.

Most importantly, secure your router. This is like the front door to your home network and the device that is most frequently compromised — don’t leave it open. Change the default admin login and set a new password. Set your WiFi security to WPA2. If your router is older and doesn’t support this protocol, it’s time for a new one.

Leslie Meredith has been writing about and reviewing personal technology for the past seven years. She has designed and manages several international websites and now runs the marketing for a global events company. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at

Sign up for e-mail news updates.