As a follow-up to a recent survey indicating that more than half of consumers who own a connected home device are concerned about how it may impact their privacy, we ask Ben Coulston, Metova’s Lead Architect, and Andrew Cowart, CTO at Metova, how consumers can protect their privacy.
What can consumers do to protect their privacy when using connected home devices?
[Ben] The most common and simple way to protect your privacy on a home network with multiple devices like phones, tablets, and personal computers is to utilize the wireless security modes that are packaged with most routers in the market. Most of the time, your ISP (internet service provider) will provide a router with your internet service at a nominal monthly cost, or you can choose to purchase one. Routers are very common appliances and are sold anywhere from department stores like Wal-Mart to entertainment and electronic stores like Best Buy and Radio Shack as well as online.
Learn the basics of managing your router and home network via the administrative portals most router manufacturers provide. Learn how to manage passwords and view and manage devices connected to the network. Manuals are usually provided with the router or are available online to teach those basics.
What about passwords for connected home devices?
[Ben] Password protection is the most common form of security packaged with routers. When setting up your home network, ensure you or the ISP representative sets up one of the following:
- WEP (Wired Equivalent Protocol)
  - 10-26 character password
  - Weakest form of password protection
- WPA Personal (Wi-Fi Protected Access)
  - 8-63 character password
  - Strong form of password protection
  - Uses TKIP (Temporal Key Integrity Protocol) for encryption
- WPA2 Personal (Wi-Fi Protected Access)
  - 8-63 character password
  - Strongest form of password protection
  - Uses AES (Advanced Encryption Standard) for encryption
WPA2 Personal is the most commonly utilized password protection option on modern routers. Once your password is created, make sure to store it in a secure location and be careful who is given access to your network.
What about periodically changing your passwords or using the ‘guest access’ functionality on routers?
[Andrew] Periodically changing your passwords is solid security guidance for all aspects of your online safety. More important than that, even, is not reusing your password between sites. The most common way that people get their online accounts compromised is by reusing their passwords between sites, and a smaller, less secure site they registered an account with gets successfully compromised.
Guest access functionality on routers really puts the guest devices on a “separate” network, where they can’t see your connected devices. So if you have personal computers or Network Attached Storage or a security camera, for example, and you let your guest on your normal network, they may be able to see those devices — and if they had some bad intentions, may be able to effectively attack them. A guest network would segregate the guest devices into their own network, and not give them access to your other devices.
Are there certain precautions or things parents should be aware of involving connected devices and children?
[Ben] The easiest way to manage your home network is to limit control. Keep access to the administrative portal and learn to manage the devices on your network, and be the bottleneck for giving access to friends of your children or those who aren’t normally on the network.
Fortunately, NETGEAR and other modern router manufacturers provide parental controls that can ensure your children can’t access certain types of inappropriate content including blocking websites, blocking categories, and detecting when your children accidentally interact with malware. Each manufacturer provides different levels of granularity, so get familiar with those features and utilize them to protect your family.
There are now tons of network connected cameras and baby monitors. We think we’re the ones utilizing these in our home, but are we at risk of being watched and heard when we install these devices in our home?
[Andrew] This is a definite problem, but it’s primarily not an intentional issue from the manufacturer; rather, a company that doesn’t know what they’re doing or doesn’t provide good automatic updates for their devices can sell devices that have vulnerabilities. In these cases, a flaw in the camera security code or a weak password being used can lead to online attackers getting access to the camera. This is another spot where we’re going to recommend the big name brands, as well as setting strong passwords that rotate on a periodic basis on anything you’re exposing to the internet.
What about voice-controlled home entertainment systems such as Alexa and Google Home? Are they listening to everything we say? Should we be concerned that our conversations around the house are ending up as a data point somewhere? Are we giving up a certain amount of security for the benefit of what these services can do for us or is there a way to be certain that someone (or something) out there isn’t listening?
[Andrew] Voice controlled systems are listening to everything we say, but they’re not transmitting it all — that’s just a lot of data, that would be very noticeable if it was actually being sent. They’re always listening, but only for keywords that then cause the ongoing text to be transmitted. However, there’s nothing that prevents this from being activated in the future, aside from the public backlash that would happen if that ever happens and is discovered.
This is really where we recommend sticking to the big brands. Google, Amazon, and Apple would not risk their reputation for their devices to send that back, and their devices are under heavy scrutiny by security researchers each hoping to be the one to report that lead if it ever does occur.
How concerned do you feel consumers need to feel about privacy with connected devices?
[Ben] With the increased utilization of the internet at various ages and the sheer amount of devices we connect to a home network, privacy and security are becoming more and more important. Luckily, it’s also becoming easier to learn to manage the security of your home network. While administrative portals used to be catered towards the super user, manufacturers are stepping up their game and making these portals more user friendly and accessible to the normal user. Netgear in particular provides access to the admin portal from mobile devices as well as through the web and has put significant effort into sleek interfaces to manage the network. Now is definitely the time to learn as the documentation and user guides are much easier to consume, so there is less of an excuse to ignore it!
Do certain platforms have better security and privacy facilities?
[Ben] I can’t say there is a specific platform or manufacturer that provides the best security and privacy because every situation is different. The security needs of a home network are going to be very different than securing a small business or enterprise. Fortunately, every manufacturer and platform from NetGear to Linksys to more enterprise platforms like Cisco are going to provide the necessary levels of security to meet those needs. My recommendation would be to do your research and utilize experts to help guide you towards the right platform for you.
Is there any way to know when someone (or something) is accessing my network without my permission? Are there tools I can use that will alert me if something unusual is going on with my network? Like a new device connection, etc?
[Andrew] For network security, the first thing you can buy that will help the most is really getting a solid router, which acts as your gateway between your devices and the internet. Many of them offer features that can let you increase your security — Google WiFi, for example, lets you see which devices are connected to your network, as well as historical usage of those devices (helping you detect unusual activity). Most reputable routers will also include a firewall, blocking outside connections that you didn’t initiate, or stopping potentially malicious scans.
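One way to get the "new device connection" alert asked about above, as an added example that is not part of the original interview: a Python script that parses Linux `ip neigh show` output and reports hardware addresses missing from an approved list. The sample output, the `KNOWN_DEVICES` inventory and all function names are constructed for illustration.

```python
# Constructed sample of `ip neigh show` output from a Linux host on the LAN.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr a0:63:91:12:34:56 REACHABLE
192.168.1.23 dev wlan0 lladdr 3c:22:fb:aa:bb:cc STALE
192.168.1.40 dev wlan0 lladdr da:a1:19:0e:5f:77 DELAY
192.168.1.57 dev wlan0  FAILED
192.168.1.88 dev wlan0 lladdr B8:27:EB:01:02:03 REACHABLE
"""

# Hypothetical inventory of devices the owner has approved (MAC -> label).
KNOWN_DEVICES = {
    "a0:63:91:12:34:56": "router",
    "3c:22:fb:aa:bb:cc": "laptop",
}


def parse_neighbors(text):
    """Return {mac: ip} for entries that resolved to a hardware address."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        # FAILED/INCOMPLETE entries never answered ARP, so there is no device to report.
        if "lladdr" not in fields or fields[-1] in ("FAILED", "INCOMPLETE"):
            continue
        mac = fields[fields.index("lladdr") + 1].lower()
        seen[mac] = fields[0]
    return seen


def is_randomized(mac):
    """True if the locally-administered bit is set, as in private/random MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def unknown_devices(text, known):
    """List (ip, mac, randomized) for neighbors not in the approved inventory."""
    return sorted(
        (ip, mac, is_randomized(mac))
        for mac, ip in parse_neighbors(text).items()
        if mac not in known
    )


if __name__ == "__main__":
    for ip, mac, rnd in unknown_devices(SAMPLE_NEIGH, KNOWN_DEVICES):
        note = " (randomized MAC, often a phone using a private address)" if rnd else ""
        print(f"unrecognized device {mac} at {ip}{note}")
```

A MAC address is self-reported by the device, so treat a clean result as a hygiene check rather than proof that nothing unexpected is connected.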