Thermostats. Doorbells. Ovens. Everything is connected to the internet these days—and vulnerable to cyberattacks.
6 min
The incidents have been unsettling: a homeowner’s thermostat raised to 90 degrees by hackers with no way to turn it down, baby monitors used by online stalkers to spy on families, webcams and other home devices hijacked to help take down corporate computer networks.
Thanks to the boom in “smart home” devices, we now live with vastly more connected gadgets: internet-linked TVs; camera-equipped doorbells; online thermostats, door locks and lightbulbs; web security cameras; and even refrigerators, dishwashers and ovens with Wi-Fi. Each online link provides a tempting target for a hacker.
The problem isn’t simply that somebody can hack a refrigerator or dishwasher, of course. It’s that once a bad actor breaches one of these devices, he or she potentially could control every other device on your home network. What’s more, these gadgets pose privacy concerns since their cameras, microphones and motion sensors could be used to monitor you.
As sales of smart-home devices continue to grow, consumers need to be cautious. Here are some questions and answers about how to thwart digital vandals.
Every new digital device introduced into your home comes with security risks. Most are connected to your Wi-Fi network and many come with an app that links them to your phone via Wi-Fi or your cellphone network. All of these are potential pathways for a hack—and the device with the weakest security could provide a way for hackers to reach the others.
In other words, you are only as safe as your weakest device.
“A lot of these devices don’t even have basic security features or protections,” says Wendy Frank , U.S. cyber internet-of-things leader for consulting firm Deloitte. Most lack virus protection and other security software that is common in personal computers and phones. Many don’t offer automatic updates of software or firmware (the coding that controls devices’ basic functions) from the manufacturer to fix security flaws, also standard with phones and PCs.
Smart-home devices can be exploited to hack into the owners’ private information or attack a website.
In 2016, hackers controlling hundreds of thousands of internet-connected devices, believed to include webcams, smart TVs, printers and even baby monitors, unleashed several massive attacks that knocked out dozens of popular websites, including those of Twitter, Netflix , Amazon and Visa. Such “distributed denial-of-service” attacks instruct the devices to send millions of requests in unison to overwhelm a computer system, causing it to shut down.
Considering the enormous number of U.S. homes with smart devices—more than 60 million—and their low levels of security precautions, they are likely to continue to be tempting targets for all kinds of attacks, says Yuvraj Agarwal , an associate professor of computer science at Carnegie Mellon University. It’s “a disaster waiting to happen,” he says.
Among the potential risks experts cite: People could be locked out of their house by hackers who tapped the security system seeking a ransom. Burglars could listen in over smart speakers to figure out when you aren’t home. Smart lightbulbs could be used as a way to break into personal information on a phone.
First, make sure your Wi-Fi router is secure—the router is the key to your digital home. Use the website or app that controls your router to check that it isn’t using the default password—that same password could have been given to many other customers. Give the router a unique password you use only for that device.
Next, ensure that the router’s security feature called a firewall is turned on, and that it is using encryption called WPA2 or the newer WPA3. And turn on the control to allow automatic software updates, if provided.
As with routers, don’t use the default password they came with. Instead, use a different password for each device, so that if someone were able to figure out, say, the password for your smart doorbell, he or she wouldn’t have access to everything else.
And if a device allows two-factor authentication, be sure to use it. This means that to log in to the device you will need to type in a code sent by text or email, or generated by a device called an authenticator, in addition to the password. That extra step, while annoying, could keep out a hacker.
Yes. Someone could hack into one of your smart devices as a way to break into your Wi-Fi router, and from there could attack your computer, phone and everything else on the same network.
Instead, set up a guest network on your router that has its own unique password and use that network to connect your smart devices. Many routers include such a second network, but you may need to take a few steps to turn it on. Guest networks generally are sealed off from the main Wi-Fi network, so a hacker couldn’t leap from it to the main network.
Check the makers’ security policies online before buying. Look for manufacturers’ statements that they periodically send security updates to the devices and encrypt the communications between the devices and their cloud service. Seek out products that offer two-factor authentication.
Hundreds of types of internet-connected gadgets are sold online by innumerable companies, often at very low prices. “If it costs $5 for a smart plug, most of it is not going toward thinking about security and privacy first,” says Carnegie Mellon’s Agarwal, who does research on smart-device security.
Stick to devices from mainstream makers, since they are more likely to take security considerations seriously and spend the time and money to periodically update these features, he says. These companies don’t want to risk tarnishing their brands with products of questionable security.
Limit how many smart devices you own—the more you have means more pathways for hackers to try to break in. Get fewer, more-secure devices rather than having insecure, cheaper devices in the whole home, says Deloitte’s Frank.
While you might find an Alexa or Google digital assistant useful on the kitchen counter, avoid putting one in a home office where you might talk about confidential financial or work-related topics that could be a juicy reward for a hacker, she adds.
Moreover, disable functions you don’t use or need on the devices, such as the camera on a digital assistant or the ability of the device to save recordings of your voice commands. “Having those turned on creates a larger attack surface” for a hacker, Frank says.
While networks such as Google Home, Apple HomeKit and Amazon Alexa likely have enhanced security, in most cases they also use your home Wi-Fi to connect to their cloud services that run the networks. That raises the same security concerns as relying solely on Wi-Fi, Agarwal says.
A big factor is cost, says Deloitte’s Frank. Adding the level of security found in a laptop computer to a $15 internet-controlled lightbulb could make its price uncompetitive.
Moreover, she says, device makers want their products to appeal to ordinary consumers, so “they need to prioritize convenience, prioritize ease of use. Security often takes somewhat of a back seat.”
One effort is an industry standard called Matter from a consortium that includes Apple, Amazon, Google, Samsung and others, which works to make networked home products interoperate with each other. The Matter standard has security and privacy safeguards built in, says the group behind the standard. Products that meet the standard are being rolled out gradually and can carry its logo .
A project by the Biden administration aims to have makers of digital home devices label their products to indicate their security and privacy protections. Called the Cyber Trust Mark , it’s akin in some ways to the government’s Energy Star certification for the efficiency of home appliances.
The voluntary program, overseen by the Federal Communications Commission, is still under formation; the White House said last year it expected it to be in place in 2024. Under the proposal, device makers seeking to use the label would need to certify that their products meet certain standards by having them tested by an accredited lab. Agarwal says he has provided input to the government effort based on a Carnegie Mellon program to devise a similar label for smart products.
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
What a quarter-million dollars gets you in the western capital.
Alexandre de Betak and his wife are focusing on their most personal project yet.
New amenities, from a gym to a movie theatre, and a good commuter location filled this suburban office tower
3 min
Manhattan’s office-vacancy rate climbed to more than 15% this year, a record high. About 80 miles away in Philadelphia, occupancy also is at historically low levels. But a 24-storey office tower located between the two cities has more than doubled its occupancy over the past five years.
Developer American Equity Partners bought the New Jersey office tower, known as 1 Tower Center, for $38 million in 2019. At the time, the 40-year-old building felt dated. It had no gym, tenant lounge or car-charging stations. The low price enabled the firm to spend more than $20 million overhauling and luring tenants to the 435,000-square-foot property.
Now, the suburban building is nearly fully leased at competitive rents, mopping up tenants from other buildings after the owner added a new lobby, movie theatre, golf simulator, fitness centre and a tenant lounge featuring arcade games and ping-pong tables.
“Our tenants told us what they needed in order to fill up their offices,” said David Elkouby , a co-founder of American Equity, which owns about 4 million square feet of New Jersey office space.
The new owner also liked the location at the 14-acre hotel and conference-centre complex, off the New Jersey Turnpike’s Exit 9 in East Brunswick. The site is a relatively short commute for millions of workers in central New Jersey and is passed by 160,000 vehicles daily.
The property’s turnaround shows how office buildings can thrive even during dismal times for most of the U.S. office market, where vacancies remain much higher than pre pandemic.
Success often requires an ideal location—one that shortens the commute time of employees used to working at home—and the sort of upgrades and amenities companies say are necessary to lure employees back to the workspace.
One Vanderbilt, a deluxe office tower with a Michelin-star chef’s restaurant and plenty of outdoor space in Midtown Manhattan, is fully leased while charging some of the highest rents in the country.
The 11-story Entrada office building, in Culver City, Calif., is making the same formula work on the other coast. It opened two years ago with a sky deck, concierge services and recessed balconies. A restaurant is in the works. The owner said this month that it has signed three of the largest leases in the Los Angeles area this year.
1 Tower Center shows how the strategy can be effective even in less glamorous suburban locations. The tower is prospering while neighbouring buildings that are harder to reach with outdated facilities and poor food options struggle to fill desks even at reduced rents.
The recent interest-rate cut and reports that some big companies such as Amazon .com are re-instituting a five-day office workweek have raised hopes that the office market might be getting closer to turning.
But with more than 900 million square feet of vacant space nationwide and remote work still weighing on office demand, more creditors are seizing properties that are in default on debt payments.
Rates are still much higher than they were when tens of billions of dollars of office loans were made, and much of that debt is now maturing. The recent interest-rate cut doesn’t mean “office-sector woes are now over,” said Ermengarde Jabir, director of economic research for Moody’s commercial real-estate division.
Lenders are dumping distressed properties at steep discounts to what the buildings were worth before the pandemic. Some buyers are trying to compete simply by cutting their rents.
“Most owners don’t have the wherewithal to do what is required,” said Jamie Drummond, the Newmark senior managing director who is 1 Tower Center’s leasing agent. “Owners positioned to highly amenitise their buildings are the ones who are successful.”
HCLTech, a global technology company, illustrates the appeal. It greatly expanded its presence in New Jersey by moving this year to a 40,000-square-foot space designed for its East Coast headquarters at 1 Tower Center.
The India-based company said it was drawn to the building’s amenities and design. That made possible a variety of workspaces for employees, from quiet nooks to an artificial-intelligence lab. “You can’t just open an office and expect [employees] to be there,” said Meenakshi Benjwal , HCLTech’s head of Americas marketing.
HCLTech also liked the location near the homes of its employees and clients in the pharmaceutical, financial-services and other businesses.
Finally, it didn’t hurt that the building is a short drive from nearby MetLife Stadium. The company has a 75-person suite on the 50 yard line where it entertains clients at concerts and National Football League games.
“All of our clients love to fly from distant locations to experience the suite and stadium,” Benjwal said.
