While we’ve latched on to the conveniences smart homes bring to our everyday lives, we often don’t think about the potential security risks. Many of today’s smart devices don’t prioritize security — and even when they do prioritize security, we don’t. We’re used to running antivirus and installing security patches on our PCs and our smartphones, but not used to the idea that our smart lightbulbs need to be updated regularly. According to security researchers at Georgia Tech and the University of North Carolina at Chapel Hill, you should be concerned; and to show you, they put together YourThings Scorecard so you can see just how vulnerable your devices are.
The YourThings Scorecard judges smart home devices in four areas — the device, the mobile app for the device, internet services that the device uses and communication between your device and other devices both locally and via the internet. The researchers looked at configuration options, known vulnerabilities, and security problems that could be exploited.
YourThings is very useful because, unless you're tech savvy, it's hard to tell when your connected home devices need patches or how to patch them. And, sometimes it doesn’t even take much in the way of “hacking” — some smart home devices may have default passwords or gaping security flaws that make them easy to access. And knowing where the security issues lie with your devices will help you determine what step you need to stay safe.
YourThings has rankings for 45 devices (with more to come), which barely scratches the surface of the smart home. But it does give us a worrying look at the lack of security on our smart devices.
Of the gadgets on the list, the Nest Camera earned one of the best scores, with a perfect grade for network security, but only a D grade for its potentially-exploitable mobile app. Similarly, the Wink 2 Hub received an almost-perfect score for its cloud security, but an F for the device itself because it has an easily-exploitable default configuration and known security exploits — and it's on consumers to update the device’s settings and firmware. And, Amazon's Fire TV receives an F in mobile security for leaking sensitive data through its mobile app and asking for too many permissions. None of the devices YourThings tested are perfect, and most are in the middle of the road.
Though we can’t fix every vulnerability ourselves, the problems YourThings calls out tells us how to keep our own smart homes secure. Whenever you add a new smart home device to your network:
- Change the default password
- Find out how to apply security updates (and whether any are available)
Those two steps alone can do a lot for your smart home security — and YourThings can tell you if your device doesn’t take care of these security basics on its own.