It’s
only
a
smart
lightbulb.
Why
would
anyone
want
to
hack
that?
Great
question.
Because
it
gets
to
the
heart
of
security
matters
for
your
IoT
smart
home
devices.
Internet
of
Things
(IoT)
devices
have
certainly
made
themselves
at
home
in
recent
years.
Once
a
novelty,
they’ve
become
far
more
commonplace.
The
numbers
bear
that
out.
Recent
research
indicates
that
the
average
U.S.
household
has
20.2
connected
devices.
Europe
has
17.4
on
average,
while
Japan
trails
at
10.3.
Of
course,
those
figures
largely
account
for
computers,
tablets,
phones,
and
internet-connected
smart
TVs.
Yet
the
study
uncovered
a
sizable
jump
in
the
presence
of
other
smart
devices.
Comparing
2022
to
2021,
smart
homes
worldwide
had:
-
55%
more
cameras. -
43%
more
smart
doorbells. -
38%
more
home
hubs. -
25%
more
smart
light
bulbs. -
23%
more
smart
plugs. -
19%
more
smart
thermostats.
Consider
that
connected
devices
in
the
home
rose
just
10%
globally
during
the
same
timeframe.
It’s
clear
that
IoT
smart
home
device
ownership
is
on
the
upswing.
Yet
has
security
kept
up
with
all
that
growth?
Poor
security
and
consumer
IoT
smart
home
devices
That
security
question
brings
us
back
to
the
lightbulb.
An
adage
in
security
is
this:
if
a
device
gets
connected,
it
gets
protected.
And
that
protection
has
to
be
strong
because
a
network
is
only
as
secure
as
its
weakest
link.
Unfortunately,
many
IoT
devices
are
indeed
the
weakest
security
links
on
home
networks.
Some
recent
research
sheds
light
on
what’s
at
stake.
Cybersecurity
teams
at
the
Florida
Institute
of
Technology
found
that
companion
apps
for
several
big
brand
smart
devices
had
security
flaws.
Of
the
20
apps
linked
to
connected
doorbells,
locks,
security
systems,
televisions,
and
cameras
they
studied,
16
had
“critical
cryptographic
flaws”
that
might
allow
attackers
to
intercept
and
modify
their
traffic.
These
flaws
might
lead
to
the
theft
of
login
credentials
and
spying,
the
compromise
of
the
connected
device,
or
the
compromise
of
other
devices
and
data
on
the
network.
Over
the
years,
our
research
teams
at
McAfee
Labs
have
uncovered
similar
security
vulnerabilities
in
other
IoT
devices
like
smart
coffee
makers
and
smart
wall
plugs.
Vulnerabilities
such
as
these
have
the
potential
to
compromise
other
devices
on
the
network.
Let’s
imagine
a
smart
lightbulb
with
poor
security
measures.
As
part
of
your
home
network,
a
motivated
hacker
might
target
it,
compromise
it,
and
gain
access
to
the
other
devices
on
your
network.
In
that
way,
a
lightbulb
might
lead
to
your
laptop—and
all
the
files
and
data
on
it.
So
yes,
someone
might
be
quite
interested
in
hacking
your
lightbulb.
Botnets:
another
reason
why
hackers
target
smart
devices
One
Friday
morning
in
2016,
great
swathes
of
the
American
internet
ground
to
a
halt.
Major
websites
and
services
became
unresponsive
as
internet
directory
services
got
flooded
with
millions
and
millions
of
malicious
requests.
As
such,
millions
and
millions
of
people
were
affected,
along
with
public
agencies
and
private
businesses
alike.
Behind
it,
a
botnet.
An
internet
drone
army
of
compromised
IOT
devices
like
digital
video
recorders
and
webcams.
Known
as
the
Mirai
botnet,
its
initial
purpose
was
to
target
Minecraft
game
servers.
Essentially
to
“grief”
innocent
players.
Yet
it
later
found
its
way
into
other
hands.
From
there,
it
became
among
the
first
high-profile
botnet
attacks
on
the
internet.
Botnet
attacks
can
be
small
and
targeted,
such
as
when
bad
actors
want
to
target
a
certain
business
(or
game
servers).
And
they
can
get
as
large
as
Mirai
did.
Regardless
of
size,
these
attacks
rely
on
compromised
devices.
Consumer
IoT
devices
often
get
targeted
for
such
purposes
for
the
same
reasons
listed
above.
They
can
lack
strong
security
features
out
of
the
box,
making
them
easy
to
enlist
in
a
botnet.
In
all,
the
threat
of
botnets
makes
another
strong
case
for
securing
your
devices.
How
to
protect
your
smart
home
network
and
IoT
devices
To
put
a
fine
point
on
it,
security
in
your
smart
home
is
an
absolute
must.
And
you
can
make
your
smart
home
far
more
secure
with
a
few
steps.
Grab
online
protection
for
your
smartphone.
Many
smart
home
devices
use
a
smartphone
as
a
sort
of
remote
control,
and
to
gather,
store,
and
share
data.
So
whether
you’re
an
Android
owner
or
an
iOS
owner,
protect
your
smartphone
so
you
can
protect
the
things
it
accesses
and
controls—and
the
data
stored
on
it
too.
Don’t
use
the
default—Set
a
strong,
unique
password.
One
issue
with
many
IoT
devices
is
that
they
often
come
with
a
default
username
and
password.
This
could
mean
that
your
device
and
thousands
of
others
just
like
it
share
the
same
credentials.
That
makes
it
easy
for
a
hacker
to
access
to
them
because
those
default
usernames
and
passwords
are
often
published
online.
When
you
purchase
any
IoT
device,
set
a
fresh
password
using
a
strong
method
of
password
creation.
Likewise,
create
an
entirely
new
username
for
additional
protection
as
well.
Use
multi-factor
authentication.
Banks
and
other
online
services
commonly
offer
multi-factor
authentication
to
help
protect
your
accounts.
In
addition
to
using
a
username
and
password
for
login,
it
sends
a
security
code
to
another
device
you
own
(often
a
mobile
phone).
It
throws
a
big
barrier
in
the
way
of
hackers
who
try
to
force
their
way
into
your
device
with
a
password/username
combination.
If
your
IoT
devices
support
multi-factor
authentication,
consider
using
it
with
them
too.
Secure
your
internet
router
too.
Another
device
that
needs
good
password
protection
is
your
internet
router.
Make
sure
you
use
a
strong
and
unique
password
as
well
to
help
prevent
hackers
from
breaking
into
your
home
network.
Also
consider
changing
the
name
of
your
home
network
so
that
it
doesn’t
personally
identify
you.
Fun
alternatives
to
using
your
name
or
address
include
everything
from
movie
lines
like
“May
the
Wi-Fi
be
with
you”
to
old
sitcom
references
like
“Central
Perk.”
Also
check
that
your
router
is
using
an
encryption
method,
like
WPA2
or
the
newer
WPA3,
which
will
keep
your
signal
secure.
Upgrade
to
a
newer
internet
router.
Older
routers
might
have
outdated
security
measures,
which
might
make
them
more
prone
to
attacks.
If
you’re
renting
yours
from
your
internet
provider,
contact
them
for
an
upgrade.
If
you’re
using
your
own,
visit
a
reputable
news
or
review
site
such
as
Consumer
Reports
for
a
list
of
the
best
routers
that
combine
speed,
capacity,
and
security.
Update
your
apps
and
devices
regularly.
In
addition
to
fixing
the
odd
bug
or
adding
the
occasional
new
feature,
updates
often
fix
security
gaps.
Out-of-date
apps
and
devices
might
have
flaws
that
hackers
can
exploit,
so
update
regularly.
If
you
can
set
your
smart
home
apps
and
devices
to
receive
automatic
updates,
select
that
option
so
that
you’ll
always
have
the
latest.
Set
up
a
guest
network
specifically
for
your
IoT
devices.
Just
as
you
can
offer
your
guests
secure
access
that’s
separate
from
your
own
devices,
you
can
create
an
additional
network
on
your
router
that
keeps
your
computers
and
smartphones
separate
from
IoT
devices.
This
way,
if
an
IoT
device
is
compromised,
a
hacker
will
still
have
difficulty
accessing
your
other
devices
on
your
primary
network
that
hosts
your
computers
and
smartphones.
Purchasing
IoT
smart
home
devices
(with
security
in
mind)
You
can
take
another
strong
security
step
before
you
even
bring
that
new
smart
device
home.
Research.
Unfortunately,
there
are
few
consumer
standards
for
smart
devices.
That’s
unlike
other
household
appliances.
They
must
comply
with
government
regulations,
industry
standards,
and
consumer-friendly
standards
like
Energy
Star
ratings.
So,
some
of
the
research
burden
falls
on
the
buyer
when
it
comes
to
purchasing
the
most
secure
devices.
Here
are
a
few
steps
that
can
help:
1)
Check
out
trusted
reviews
and
resources.
A
positive
or
high
customer
rating
for
a
smart
device
is
a
good
place
to
start,
yet
purchasing
a
safer
device
takes
more
than
that.
Impartial
third-party
reviewers
like
Consumer
Reports
will
offer
thorough
reviews
of
smart
devices
and
their
security,
as
part
of
a
paid
subscription.
Likewise,
look
for
other
resources
that
account
for
device
and
data
security
in
their
writeups,
such
as
the
“Privacy
Not
Included”
website.
Run
by
a
nonprofit
organization,
it
reviews
a
wealth
of
apps
and
smart
devices
based
on
the
strength
of
their
security
and
privacy
measures.
2)
Look
up
the
manufacturer’s
track
record.
Whether
you’re
looking
at
a
device
made
by
a
well-known
company
or
one
you
haven’t
heard
of
before,
a
web
search
can
show
you
if
they’ve
had
any
reported
privacy
or
security
issues
in
the
past.
And
just
because
you
might
be
looking
at
a
popular
brand
name
doesn’t
mean
that
you’ll
make
yourself
more
private
or
secure
by
choosing
them.
Companies
of
all
sizes
and
years
of
operation
have
encountered
problems
with
their
smart
home
devices.
What
you
should
look
for,
though,
is
how
quickly
the
company
addresses
any
issues
and
if
they
consistently
have
problems
with
them.
Again,
you
can
turn
to
third-party
reviewers
or
reputable
news
sources
for
information
that
can
help
shape
your
decision.
3)
Look
into
permissions.
Some
smart
devices
will
provide
you
with
options
around
what
data
they
collect
and
then
what
they
do
with
it
after
it’s
collected.
Hop
online
and
see
if
you
can
download
some
instructions
for
manuals
for
the
devices
you’re
considering.
They
might
explain
the
settings
and
permissions
that
you
can
enable
or
disable.
4)
Make
sure
it
uses
multi-factor
authentication.
As
mentioned
above,
multi-factor
authentication
provides
an
additional
layer
of
protection.
It
makes
things
much
more
difficult
for
a
hacker
or
bad
actor
to
compromise
your
device,
even
if
they
know
your
password
and
username.
Purchase
devices
that
offer
this
as
an
option.
It’s
a
terrific
line
of
defense.
5)
Look
for
further
privacy
and
security
features.
Some
manufacturers
are
more
security-
and
privacy-minded
than
others.
Look
for
them.
You
might
see
a
camera
that
has
a
physical
shutter
that
caps
the
lens
and
blocks
recording
when
it’s
not
in
use.
You
might
also
find
doorbell
cameras
that
store
video
locally,
instead
of
uploading
it
to
the
cloud
where
others
can
potentially
access
it.
Also
look
for
manufacturers
that
call
out
their
use
of
encryption,
which
can
further
protect
your
data
in
transit.
If
a
device
gets
connected,
it
gets
protected
Even
the
smallest
of
IoT
smart
home
devices
can
lead
to
big
issues
if
they’re
not
secured.
It
only
takes
one
poorly
secured
device
to
compromise
everything
else
on
an
otherwise
secure
network.
And
with
manufacturers
in
a
rush
to
capitalize
on
the
popularity
of
smart
home
devices,
sometimes
security
takes
a
back
seat.
They
might
not
thoroughly
design
their
products
for
security
up
front,
and
they
might
not
regularly
update
them
for
security
in
the
long
term.
Meanwhile,
other
manufacturers
do
a
fine
job.
It
takes
a
bit
of
research
on
the
buyer’s
part
to
find
out
which
manufacturers
handle
security
best.
Aside
from
research,
a
few
straightforward
steps
can
keep
your
smart
devices
and
your
network
safe.
Just
as
with
any
other
connected
device,
strong
passwords,
multi-factor
authentication,
and
regular
updates
remain
key
security
steps.
For
a
secure
smart
home,
just
remember
the
adage:
if
a
device
gets
connected,
it
gets
protected.
About Author
