I am a new home owner and recently went to the local big box hardware store in search of the induction stove of my dreams. As I navigated the maze of shiny home appliances, a refrigerator with a built-in display caught my eye. Putting aside my initial confusion about the need for a screen and an Alexa connection on an appliance that only has one job, I was surprised to see that the fridge showed a security confirmation error.
(Photo: Kim Key)
The error shown in the photo occurs when the common name of the site’s security certificate does not match the domain. For example, if a website does not include a version of its name without the www in its certificate, you get an error when you try to access the website without it.
The fridge is probably fine, and the certification error is probably benign. However, it’s important to remember that there are real privacy and security risks when bringing internet-connected devices into your home. I don’t mean to scare you away from creating a smart home by listing all the theoretical ways a hacker could get into your smart home devices and wreak havoc. Most hackers are in the business of making money and collecting data from their victims, not trying to annoy them by fiddling with the thermostat.
Trade Your Data and Safety for a Cold Beer
If you’re surfing the web using a VPN because of privacy concerns, it’s time to disconnect your smart devices. As Malcolm Higgins at security company NordVPN noted in a recent blog post, smart devices are data-harvesting machines(Opens in a new window). These devices monitor how and when you use them and send that information to advertisers or other businesses.
There is also the issue of maintaining basic home security when choosing which smart devices to bring into your living space. In recent years, hackers have found vulnerabilities in smart doorbell cameras, and researchers have noted that smart speakers could be manipulated with lasers. Researchers also found that they could compromise security systems with a smart plug. The takeaway here is that if something in your home is connected to the internet, someone can hack it.
How to Be Safe the Smart Way
Smart home privacy concerns are serious, but you shouldn’t have to sacrifice convenience for safety. Here are four things you can do to help make your smart home more secure:
1. Read both professional reviews and user reviews of products before buying anything.
Have many people complained about their smart dishwasher screen showing DNS errors in the middle of the cycle? If so, avoid that particular model or brand.
It is also helpful to look at the history of the manufacturer. Smart devices are an emerging market, and many new, untested devices are hitting the sales floor. Don’t fall for the hype and slick marketing! Let both professional reviews and user reviews guide you.
Here at PCMag, we have a team of experienced professionals who test the latest and greatest in smart home technology. See our picks for the best smart home devices.
2. Change the default password.
Many devices come with simple, easy-to-guess default passwords that are intended to be changed after you purchase the device. Don’t forget to change it! Make your new password long, strong, and hard to guess, and store the password in a password manager.
3. Review the privacy and security settings.
Sometimes you can limit the amount of data a device collects, stores or transmits. You may be able to opt out of sharing some or all of your data with third party advertisers. Comb through the privacy and security settings to see what’s available. You should review these options not only for new devices but for devices you’ve owned for a while in case new options appear through updates since you first purchased the product.
4. Check your router’s security settings.
Recommended by Our Editors
Most smart devices will use your router to get online, leaving your smart home data open to view if a hacker breaks into your router. Improve your router’s security by changing the login code and using a long, complex and unique password.
Like what you are reading? Get an extra story delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.
What Else Is Happening in the World of Security This Week?
Mullvad VPN Removes The Ability To Create New Subscriptions. One-time payments offer the most privacy, so Mullvad is the only option.
Capital One Hacker Convicted of 7 Federal Felonies. Paige Thompson stole the personal data of more than 100 million Capital One customers and installed cryptocurrency mining software on hacked servers to get her profits.
US Shuts Down Massive Botnet Masquerade as Proxy Service. The Justice Department says the Russian-controlled RSocks botnet was involved in millions of compromised devices around the globe.
WTF? Do I have to pay for Microsoft Defender Antivirus Now? Microsoft’s recent announcement sends users into a panic with the implication that Microsoft’s credible antivirus tool is no longer free. The truth is a little more nuanced.
Telegram founder Pavel Durov owes me a million dollars. Max Eddy breaks down his public beef with Pavel Durov, and why he continues to recommend Signal for secure communications.
Like What Are You Reading?
Register for SecurityWatch newsletter of our top privacy and security stories delivered straight to your inbox.