Who is the Administrator of Things in Your Home?

phone security keyhole

Managing intelligent devices within the household is a 24-hour job that requires energy and a new set of skills that not everyone is ready to learn. But, as ordinary people accumulate more smart gadgets, they will have to manage them like professional IT administrators– taking care of multiple users while fixing hardware and software issues on the go.

Thus, as a side effect of our increasingly technologized homes, we are witnessing the emergence of the “admin of Things” – a role that every home resident needs to master to get the most out of smart gadgets.

Every user should know how many devices a household has, how they operate, their security stance, who uses them, if the software is updated regularly by the manufacturer and, very importantly, if and how often they get attacked.

To tackle this administrative burden with security and privacy in mind, here are the first measures to take in your new role:

1.      Make an inventory of gateways an attacker may exploit

Create a list of the devices connecting to your home network and start thinking like a hacker. How does each device connect? Bluetooth, Wi-Fi or something proprietary? Can it be controlled by a tablet or smartphone? Does it require a PIN or password? Is the data transfer encrypted?

If, for instance, your smart TV sends unencrypted data about your location and viewing preferences to the vendor’s servers, a classic man-in-the middle attack can allow anyone to listen in and find out details about your habits. It can get worse, as smart televisions are frequently deployed in company boardrooms, replacing projectors. Remember the Open DNS report that revealed Samsung TVs beacon out almost every minute to servers in the US, Asia and Europe?

Also, frequently change passwords to your TV apps, turn off Wi-Fi and disable any default features that are not in use or unnecessary.

2.      Review and change credentials

You might discover that your router still uses the default password or that router passwords are stored in plain text. You will probably find one of these three combinations: admin/admin, admin/password, admin/<no-password>.

In this scenario, someone with average hacking skills could brute force himself into your entire network and remotely execute system commands with the highest administrative privileges. As a result, the attacker could control your home devices and access unsecured data like banking or financial information, browsing history or photos stored on your PC, tablet or smartphone.

So, change the name and pre-set password of your router, using a strong one with a mix of numbers, letters and symbols. Also, review your security options: when choosing your router’s level of security, opt for WPA2, if available, or WPA. Both are more secure than the WEP option.

3.      Monitor device manufacturer notifications

Firmware updates are vital for fixing bugs and other critical security problems, so update regularly to keep your device in top shape. Check the manufacturer’s websites, feeds, e-mails for notifications of device operational issues and firmware updates.

4.      Close open ports

In a home, an unlocked door is a risk. The same goes for unused ports on a switch. When scanning for vulnerabilities, you might find open, unsecured ports on your network, despite ISPs blocking. The more allowed programs or open ports your firewall has, the more opportunities for hackers or malicious software to spread worms, steal your files or use your computer to infect others with malicious software. To prevent network intrusions, perform a port scan and close unused ports from your operating system’s firewall solution. Also, firewall, block or restrict access to services that don’t need Internet access.

5.      Secure your network

IoT devices have all sorts of proprietary firmware, so it’s impossible to install a security solution on each of them. Fortunately, there’s one integrated home cyber-security solution that secures your entire network and all the devices connected to it.

Bitdefender BOX is a hardware device that secures the network connecting all your gadgets – laptops, PCs, smartphones, smart thermostats, wireless video cameras, smart TVs — any smart object that can't run antivirus software.

It inspects traffic to provide anti-phishing protection, malicious-website alerts, detection and quarantining of malware entering your systems or rogue users. Bitdefender BOX also protects mobile devices, Macs and other laptops that travel out of the home by installing its own virtual private network (VPN) software on client devices. It runs whenever a device connects to a Wi-Fi hotspot.

Now that you’ve established a full list of potential vulnerabilities, and have taken steps to mitigate each potential threat, you are one step closer to transforming your internet-connected home into a digital fortress.

Subscribe to the Best of Macworld Newsletter