For those consumers embarking on a journey into home automation, here are some mostly simple steps to protecting the devices as much as possible.
Lock down the router
Routers are the digital doorway to the home, and a poorly-secured router can allow an online attacker easy access to all the home automation devices in your network. In May, for example, security firm Incapsula found that a group of attackers had turned routers with default passwords into a botnet that they then used to take down Web sites using a denial-of-service attack.
Users should invest in a router with a good security track record, make sure that the default admin password has been changed, and that it's running the most current firmware.
Prevent tampering with devices
Getting two minutes with devices in the home did not give the attacker enough of a window to modify the devices, according to security firm Synack's study. Devices with a USB update mechanism, however, were vulnerable to quick compromise.
Home users should put devices in places where untrusted people cannot easily access them, with particular emphasis on devices with a management port.
Go with a cloud service
Cloud services designed to help a consumer manage home-automation devices, such as Vivint, ADT, or a similar service provider, typically cost money and can open up privacy and security issues if not properly secured. Yet, for most situations, the service provider does a better job securing the service than a home user can. If you do not use a cloud service, you will be responsible for checking the security of the systems yourself.
So consumers should shell out the cash to make their home-automation more convenient and more secure at the same time. However, users do need to pick a complex password and should also ask about two-factor authentication, which adds another layer of security to accessing the account.
Update the devices
Many of the developers creating the software for home-automation products are relative novices when it comes to security. David Jacoby, a security analyst with Kaspersky Lab, attempted to hack his home and found a number of simple vulnerabilities in his home storage product that gave him a beachhead into the network.
"The developers have the excuse that they are not security people," he says. "But we need to get the vendors to patch the vulnerabilities that they learn about."
Because so much security functionality needs to be improved, applying updates is a critical step to insuring home-automation devices remain secure from the simplest attacks, he said.
Go with a name brand
A company that is just dabbling in home automation will not take the security of their products seriously. Consumer should focus on companies that have committed to their products and the security of those products, says Synack's Moore.
Sign up for Computerworld eNewsletters.