For many Estate Managers, one the first, and seemingly most important questions, from our clients and principals is ‘do you know how to use smart home technology’? As we begin a discussion on cybersecurity, where do ‘smart homes’ fit in? At a recent property, all of our major systems including locks, climate, and security could be controlled by a phone. While it is incredibly convenient, it’s also an enormous risk. Just as your computer is vulnerable to thieves and hackers via the internet, so is the networked home; smart homes can be hacked too. In fact, a discontinued system from Insteon was insecure enough that a technologically average Forbes reporter hacked them from the comfort of her living room.
Forbes reporter Kashmir Hill was able to access the houses of complete strangers. From San Francisco, she turned the lights of homes in Oregon and Connecticut on and off, identified their homes’ physical locations, and could have done much worse:
Googling a very simple phrase led me to a list of “smart homes” that had done something rather stupid. The homes all have an automation system from Insteon that allows remote control of their lights, hot tubs, fans, televisions, water pumps, garage doors, cameras, and other devices, so that their owners can turn these things on and off with a smartphone app or via the Web. The dumb thing? Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.
Hill noted that she was able to uncover sensitive information from eight different houses, including but not limited to IP address, children’s names, and even real-world locations. Coupled with social media, it would be very easy to determine when a family was away, or worse, when they were home, and make targets of them.
What’s the solution to prevent hackers from targeting your home? There are a few precautions one can take:
Hire a professional. If you think your property is vulnerable, reach out to your IT or AV specialist. Don’t have one? Jerry Irvine, a member of the National Cyber Security Task Force, says there are numerous mainstream services, such as Best Buy’s Geek Squad and others at large electronics retailers, that can ensure smart home systems are protected with firewalls. “They typically charge you $75 an hour and will take an hour or two,” Irvine says of such services, adding that you should make sure to change your passwords so the person who set your system up doesn’t gain access to all the smart devices in your home.
Update your software. If a device sends you a patch to protect your equipment from malware or offers some sort of software update, don’t ignore it, Williams urges. “Deployment is sometimes a hassle, but you want to mitigate your risk and exposure the best you can,” he says. Besides, hassle or not, those updates are sent for a reason. Share this advice with anyone in the family or staff who has a smart key or app on their phone. It’s all networked, so one vulnerable device can put all of the others at risk.
Protect your phone. As smart homes are closely tied to cell phones, you don’t want to lose one. Set up safeguards in case you do. Irvine stresses the importance of having a more than PIN number to lock your smartphone so others can’t access it. He admits that for a hacker, “the PIN is nothing but a nuisance.” He says most hackers can get around the PIN number within 15 seconds to five minutes. Try pattern or face recognition on top of a pin.
Pass on new tech – for now. Don’t be an early adapter. Wait for new smart home technology to work out the kinks before installing it on the property you manage. Our tech installer says you may want to wait a year or more before installing a new device. 2nd generation tech tends to be more stable and less hackable, as it’s the lessons were learned on the first iteration.
“It’s up to the designers of the hardware and software to design ways to prevent hacking. We don’t have the details of the designs used to run these systems,” …”The smart home systems are still very fragmented,” he says. But as more companies get into the business and smart homes become even smarter, he says the risks of hacking will decrease
Stay tuned for upcoming conversations about cybersecurity awareness. Join the cybersecurity group if you’d like to participate in the planning process.
