Skip to main content

Security Implications of Home Automation

Brandon Hall
Director of Technology

Home automation is gaining popularity and is actually a pretty exciting concept. You can get a thermostat you can control with your cell phone or voice with an Amazon Echo, lights you can schedule through a website, or set them to come on when a specific event happens using sensors in your home such as a door opening. There are a ton of different things such as this and they all are little mini computers, which means they can potentially be compromised and used without your knowledge. Luckily there are some steps you can take to make them as safe as possible. Three things to keep a home automation project safe, you should only buy devices that had security in mind from the factory and use the provided security measures, you should segment your network, and you should monitor their behavior/traffic.

Be sure to select devices that are built with security in mind from the start. If a device has a default password that can’t be changed, that’s a problem! Turn on the security measures they provide on the devices and turn off things that you aren’t planning on using. If you don’t need to control your light switch from a web page while you’re in Canada, don’t turn on internet based access. There are many more examples of this and they are all specific to your devices and your project, so just keep these things in mind as you are installing the systems.

Segment your network. Give your home automation systems their own network to play, so if they do get compromised, they don’t have access to your home PC or other devices that are used for work or may have client data on them. To mix these two is asking for trouble. Setup VLANs or a whole separate network on your router or better yet your firewall with wireless capability, and ensure that these networks cannot interact with one another except for the internal web access to the controller or hub. You’ll need that to control your automation system via its internal webpage.

Lastly, monitor the traffic that is sent out to the internet from your devices. This would be a feature of the firewall or router, and can normally be setup to send an emailed report to you on what your devices have been talking to on the internet. Once setup, there should be minimal need for your devices to talk to the internet, and ultimately it should only be to the servers controlled by the manufacturer for things such as updates, and some of them do analytics to see how your furnace and square footage compares with similar houses, which can be used to see if you need more insulation or something may be wrong with your furnace, etc.

First Heartland obviously cannot help setup a home automation system, but these devices directly affect the security of your home network and precautions must be taken to safeguard client data from all threats, including the internet of things. I hope this will help all of you be mindful when installing and purchasing devices to help simplify your home living experience.


Read more articles from the December newsletter
Share this