With new smart home devices being announced at CES in January, which will soon hit the Australian market, Avast's security experts are "encouraging Australians to shore up their home security when buying new smart home technology".
Luis Corrons, Avast’s Security Expert said: “Smart home devices can entertain and save us time to enjoy the things that matter, but they can also become liabilities with cyber attackers eyeing them as soft targets.
"Cyber attackers can exploit the security weaknesses of smart home devices to gain access to your household networks to take sensitive data or even more alarmingly, to take control of your devices and monitor you and your family.”
According to a study released late last year by Telsyte, the COVID-19 pandemic has "sparked a mini-boom in connected devices as Australians look to improve their ‘at-home’ lifestyle, with 61% of Australian households adopting at least one smart home product at the end of June 2020.
"Telsyte’s market tracking also found that the average number of connected devices is expected to increase from 18.9 in 2019 to 35.6 by 2024, with half expected to be made up with IoT (Internet of Things) home devices."
Corrons added: “Australians looking to upgrade or start investing in smart home technology this year, should consider buying devices from well-known reputable manufacturers which are more likely to have more security features and provide device updates so firmware can be updated with latest versions and patches.
"When you set you setup your device, ensure you change the default password to something complicated and consider installing a digital security product, like Avast Free Antivirus or Avast Premium Security, that allows you scan your local network for insecure IoT devices."
Here are Corrons' simple steps to help Australian households reinforce their security around smart home devices:
1. Take the time to pick the right smart home devices – When buying a new smart home device, consider buying products from well-known reputable manufacturers. They are more likely to have produced devices with security in mind. Also check that they provide security updates so firmware can be fixed if required. Before you add a new connected device to your network, take the time to understand everything about it, including how it collects and uses your data and the device features to ensure you understand what you can disable for extra security.
2. Change default password - This goes for any device that comes with a default password, not just your Wi-Fi router. When given the option, always change the default password to something complicated. By choosing not to update default login data, homeowners are making it easy for hackers. Most bad actors can guess a default password, allowing them to breach a network and even link a smart home device to a botnet, a collection of internet-connected devices controlled by cyber-criminals.
3. Set up two step authentication - Where possible, homeowners should also strengthen device security by using two-step verification, a process where two authentication methods are needed to gain access which can help prevent attacks if your password is discovered.
4. Update ASAP always - It cannot be stressed enough — keep the firmware of your IoT devices updated with the latest versions and patches available. Remember, the cause for most of these updates is because a security flaw has been found and exploited in the previous version. You want to stop running that compromised version right away. Also when considering a new IoT device, take a look at its update process. Make sure it’s easy and straightforward and that you are notified when a new update is ready.
5. Consider splitting your home network - Splitting a home network in two could also be beneficial. As part of their recommendations for robust digital security, The Federal Bureau of Investigation has suggested homeowners keep devices carrying sensitive data - such as a laptop and smartphones - on a different network from those supporting smart home devices. By using this set-up, a hacker would not be able to directly access a personal laptop if they breached a smart home device. This network could also operate as a secondary network for guests; protecting sensitive devices if their bad browsing behaviour leads to a security problem.
6. Consider cybersecurity - Everyone’s protection is in their own hands these days, so it’s a good idea to call in reinforcements for peace of mind. Consider installing a digital security product that assesses your IoT devices connected to your network, reporting anything abnormal. Wi-Fi Inspector, which is part of Avast Free Antivirus and Premium Security, runs locally on a user’s personal computer and performs network scans of the local subnet to check for devices that accept weak credentials or have remotely exploitable vulnerabilities, alerting users to security problems it finds.
7. Erase your personal data from old smart home security before disposing – If you are getting rid of older smart home security products, make sure that you erase all your data and personal information, delete your account if you no longer need it, and perform a factory reset of the device. Also, make sure to remove the device from your online accounts, networks or apps that you have linked them to.
About the Survey
The survey was conducted by Avast across Avast products in Australia from August to September, with 451 respondents.