With great automation comes great responsibility. You may love your smart thermostat and door lock, but as long as they’re on the open network, they’re targets for all manner of digital attacks. And because the devices are smaller and simpler, they don’t have nearly the protection of your laptop or phone. The result is an unsettling thought: as you add more gadgetry, you’re also adding more ways for hackers to break in.
It’s a persistent vulnerability, and it’s common knowledge in the digital security world. For years, the Defcon conference has hosted an IoT Village entirely devoted to cracking Internet of Things devices. The 2014 event featured a router-hacking contest that turned up 15 major vulnerabilities in a matter of hours. For researchers, finding these flaws is so easy, it’s a sport.
It’s not all bad news. Your thermostat doesn’t make a very attractive target to most hackers. (Unlike your phone or computer, there isn’t much monetizable information on it.) The most likely threat is someone trying to enlist it in a Mirai-style botnet — which would be bad, but it would only cost you whatever extra power the device ended up burning.
Still, the net effect of tens of thousands of vulnerable IoT gadgets flooding the market can be significant, and it’s worth it to make sure you’re not part of the problem. The best thing you can do is pay for it: higher-end devices almost always have better security protocols, even if there’s no clear certification to look for just yet. Beyond that, make sure everything you own is getting regular patches — and that you’re installing them. If you want to get really serious, you can get a smart router to isolate all your IoT devices on a separate network, and monitor everything for signs of a compromise. That will put you ahead of 99 percent of consumers, and give you a fighting chance if anyone decides they want to take over your fancy new thermostat.