How to Protect Your Home From Smart Lock Hackers

Thursday, February 13, 2014 by under Cyber Security/Hacking, IoT (Internet of Things), Smart Home, Top Tips

Smart locks let homeowners remotely lock or unlock their doors from their smartphones or computers. This feature can be a highly convenient way to:

  • Let visitors in when you’re not home (think family, house sitters, cleaners, babysitters, etc.).
  • Lock doors that you forgot to secure before leaving.
  • Ensure that you never get locked out again.

But, with anything connected to the Internet, security must be a top priority. CNNMoney recently did a feature on the vulnerabilities present in some home devices—in particular VeraLite’s smart home controls—exposing how hackers may be able to control your locks and change PINs. See below for the piece:

At Vector Security, we are committed to keeping you safe, and offering the best products, services and securities. We work closely with all of our manufacturers to ensure they uphold security and safety standards not just at product rollout, but through the life of the product. The products we install in people’s homes are those we would put in our own homes. To prevent the above (and similar hacks) from happening to you, we worked with our manufacturers to compile the below recommendations.

1. Choose Z-Wave Certified Devices

The lock hack shown in the above CNN video resulted from an exploit of the device’s operating system—specifically, the back door was left open. This is a known hack that the best manufacturers guard against.

To ensure your device’s operating system is intact, double check that it is Z-Wave certified prior to installation. Products with this seal of approval have been rigorously tested for performance and security. Vector Security only recommends vendors who use Z-Wave certified products.

Yale, Kwikset and Schalage—the largest providers of locks—are all certified. However, be wary of knockoff or uncertified brands. For a list of all certified locks and other smart home products, visit the Z-Wave website.

2. Ensure Safe Network Operations Centers (NOC)

The network operations center manages your interactive service network, and is where your data is stored offsite. Vector Security relies on Alarm.com and Honeywell for NOC management—both of which meet international security standards.

When installing interactive services, ask your provider to verify who operates the NOC and to verify that they are ISO/IEC 27001:2005 accredited. This widely recognized standard is designed to ensure adequate security controls are in place to protect your information. It includes network protection, as well as physical facility and personnel (background checks, access control, etc.) security.

3. Carefully Follow Installation Instructions

Manufacturers also recommend that dealers and customers follow all recommendations and protocols when installing and managing devices and networking components.

As a consumer, select a partner that is committed to your utmost protection. A good indicator is often if they are able to intelligently answer your questions on the above—Z-Wave and NOC certification, and are proactive in addressing secure home networking practices with you.

4. Practice Secure Home Networking

As eluded above, it’s also up to the homeowner to practice safe computing.

Regardless of the device security, an unsecured network will leave you vulnerable to unauthorized use of your Internet connection—making you a potential target for information hacks or cybercrimes. To secure your network, StaySafeOnline.org recommends these five tips:

  1. Give your router a unique name, instead of using the default provided by the manufacturer, so others can’t guess it.
  2. Don’t use the pre-set password, and update your password frequently. Microsoft offers a tool to check the strength of your passwords, but in general, use at least eight characters of varying types (numbers, symbols, etc.), and don’t use the same passwords across applications.
  3. Create a guest password, if you have frequent visitors.
  4. Pick WPA2 (preferred) or WPA router security levels, as they have stronger encryption than WEP. (This article explains the difference in these security settings and their protection strength.) For most routers, simply log in to the settings to update your security mode to the safer options.
  5. Use a firewall, which can help identify and protect you from hacker threats. Most operating systems and security software come with pre-installed firewalls, as long as you turn those features on.

If unsure, ask your provider to help navigate you through the appropriate settings. Also, as learned in the CNNMoney example, it’s a best practice to only open secure emails from people and brands you trust.

What questions and concerns do you have about interactive services? Let us know in the comments; we’d be happy to address them.

Image Source: FlickR Creative Commons, Jamison Judd

   

Please read our commenting policy before posting comments.


comments powered by Disqus