I’m a new homeowner and recently ventured to the local big box hardware store in search of the induction stove of my dreams. While navigating a maze of gleaming home appliances, a refrigerator with a built-in display caught my eye. Putting aside my initial confusion over the need for a screen and an Alexa connection on an appliance that only has one job, I was surprised to see that the fridge displayed a security certificate error.
(Photo: Kim Key)
The error shown in the photo happens when the common name of the site’s security certificate does not match the domain exactly. For example, if a website does not include a version of its name without the www in its certificate, you get an error when you try to access the website without it.
The fridge is probably fine, and the certificate error is likely benign. Still, it’s important to remember that there are real privacy and security risks when bringing internet-connected devices into your home. I don’t intend to scare you away from creating a smart home by listing all the theoretical ways a hacker could get into your smart home devices and wreak havoc. Most hackers are in the business of making money and collecting data from their victims, not trying to annoy them by fiddling with the thermostat.
Exchanging Your Data and Safety for a Cold Beer
If you’re surfing the web using a VPN because of privacy concerns, it’s time to disconnect your smart appliances. As Malcolm Higgins at security company NordVPN noted in a recent blog post, smart devices are data-harvesting machines(Opens in a new window). These devices monitor how and when you use them and send that information to advertisers or other businesses.
There’s also the issue of maintaining basic home security when choosing which smart devices to bring into your living space. In recent years, hackers found vulnerabilities in smart doorbell cameras, and researchers noticed smart speakers could be manipulated with lasers. Researchers also found they could compromise security systems with a smart plug. The takeaway here is that if something in your home is connected to the internet, someone can hack it.
How to Stay Safe the Smart Way
Smart home privacy concerns are serious, but you shouldn’t have to sacrifice convenience for safety. Here are four things you can do to help make your smart home more secure:
1. Read both professional reviews and user reviews of products before buying anything.
Have many people complained about their smart dishwasher’s screen showing DNS errors mid-cycle? If so, avoid that particular model or brand.
It’s helpful to look into the history of the manufacturer as well. Smart devices are an emerging market, and many new, untested appliances are hitting the sales floor. Don’t give in to the hype and slick marketing! Let both professional reviews and user reviews guide you.
Here at PCMag, we have a team of experienced professionals who test all the latest and greatest smart home tech. Have a look at our picks for the best smart home devices.
2. Change the default password.
Many devices come with simple, easy-to-guess default passwords intended to be changed after you purchase the device. Don’t forget to change it! Make your new password long, strong, and difficult to guess, and store the password in a password manager.
3. Review the privacy and security settings.
Sometimes you can limit how much data a device collects, stores, or transmits. You may also be able to opt-out of sharing some or all of your data with third-party advertisers. Comb through the privacy and security settings to see what’s available. You should review these options for not only new devices but ones you’ve owned for a while in case new options have appeared through updates since you first bought the product.
4. Check your router’s security settings.
Recommended by Our Editors
Most smart devices will use your router to get online, which leaves your smart home’s data open for viewing if a hacker breaks into your router. Beef up your router’s security by changing the login code and using a long, complex, unique password.
Like what you’re reading? Get an extra story delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.
What Else Is Happening in the Security World This Week?
Mullvad VPN Removes Ability to Create New Subscriptions. One-time payments offer the most privacy, so Mullvad makes them the only option.
Capital One Hacker Convicted of 7 Federal Crimes. Paige Thompson stole the personal data of more than 100 million Capital One customers and installed cryptocurrency mining software on hacked servers for her gain.
US Shuts Down Massive Botnet That Masqueraded as a Proxy Service. The Justice Department says the Russian-controlled RSocks botnet involved millions of compromised devices across the globe.
WTF? Do I Have to Pay for Microsoft’s Defender Antivirus Now? A recent Microsoft announcement throws users into a panic with the implication that Microsoft’s venerable antivirus tool is longer free. The truth is a bit more nuanced.
Telegram Founder Pavel Durov Owes Me a Million Dollars. Max Eddy breaks down his public beef with Pavel Durov, and why he continues to recommend Signal for secure communication.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.