The short answer is: probably yes, but it may be too complicated for the average user.
On November 16, Wired reported a flaw in Amazon Key that could allow an unscrupulous individual to get into your home through the front door unnoticed. The only requirement is that they be within range of your Wi-Fi.
The vulnerability should be fixed by now, and it appears that the immediate lesson to be learned is to secure your Wi-Fi network to prevent such a scenario. But what about other cases? Is it possible to make smart home devices secure with a robustly protected Wi-Fi network?
The Internet is full of tips and guides to help you protect your wireless connection from intruders. Unfortunately, they cannot guarantee complete protection.
Let me illustrate this point with a few examples of tips you may find out there.
1. Use WPA2 encryption with all the data that goes between your router and devices, since it is the most secure.
Well, it is, except for the recently found KRACK vulnerability. While it can be fixed, the fix requires most Wi-Fi-enabled devices to be updated. If you own a 5-year-old router or a cheap Android phone, these devices will most likely remain vulnerable forever. (And that is before considering that you may not know about the KRACK vulnerability or how router firmware can be updated.)
And if KRACK was found years after WPA2 was introduced, how can we be sure it has no other undiscovered vulnerabilities?
2. Change your Wi-Fi network name to something ordinary, or even make it hidden.
Some sites actually suggest naming it something like “FBI Surveillance Van”, but I’d rather go with the model names of Wi-Fi devices like Chromecast or Sonos, which are usually of less interest to intruders when they emit their own Wi-Fi signals (because this means they are not connected to any other network).
The problem is that there are tens of guides on how to find hidden networks within your range. And whatever your Wi-Fi name is, if the culprits want to hack it, they will do it.
3. Use strong passwords, especially for a router login.
One of the oldest cracking apps, Wifiphisher, works as follows: it copies the login screen of your router, creates a nearly identical Wi-Fi network and then intercepts your signal when you connect to your router. You are then asked to confirm an automatic firmware upgrade, and to do so you need to type in your credentials. Voilà, your strong password has been compromised.
And then there is the above-mentioned KRACK.
The point is that strong passwords help prevent brute-force attacks, which are only one of numerous ways to get into your system.
4. You can set up your router to connect only the devices you know.
OK, but rogues can mimic your device (by MAC address spoofing, for instance) or simply enter your network through a vulnerability in one of your authorized devices.
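A defender's view of the limits of tip 4, as an added example that is not part of the original article: a MAC allowlist only checks an address that any client can set, so this sketch compares each DHCP lease against a baseline recorded at enrollment and flags mismatches and unknown addresses. The lease records, baseline fields and device names are constructed assumptions.

```python
# Constructed baseline: how each allowed device looked when it was enrolled.
# The fields mirror the DHCP hostname (option 12) and vendor class (option 60).
ALLOWED = {
    "a4:77:33:10:22:01": {"hostname": "living-room-cast", "vendor_class": "dhcpcd-6.8.2"},
    "b8:27:eb:5c:09:aa": {"hostname": "door-sensor", "vendor_class": "udhcp 1.24.1"},
}

# Constructed DHCP lease records, as a router might export them.
LEASES = [
    {"mac": "A4:77:33:10:22:01", "hostname": "living-room-cast", "vendor_class": "dhcpcd-6.8.2"},
    {"mac": "b8:27:eb:5c:09:aa", "hostname": "laptop-7", "vendor_class": "MSFT 5.0"},
    {"mac": "3e:12:9f:00:41:c2", "hostname": "phone", "vendor_class": "android-dhcp-9"},
]


def is_locally_administered(mac):
    """True when the locally-administered bit is set (randomized or hand-assigned MAC)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def audit(leases, allowed=ALLOWED):
    """Return (mac, finding) pairs for leases that an allowlist alone would not question."""
    findings = []
    for lease in leases:
        mac = lease["mac"].lower()
        baseline = allowed.get(mac)
        if baseline is None:
            kind = "unknown-mac-randomized" if is_locally_administered(mac) else "unknown-mac"
            findings.append((mac, kind))
            continue
        # The MAC is on the allowlist; check whether the rest of the device still matches.
        changed = sorted(k for k in baseline if lease.get(k) != baseline[k])
        if changed:
            findings.append((mac, "fingerprint-mismatch:" + ",".join(changed)))
    return findings


if __name__ == "__main__":
    for mac, finding in audit(LEASES):
        print(mac, finding)
```

A mismatch is a signal to investigate rather than proof, since a firmware update can change these fields and they can be copied just as a MAC address can.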
Such a vulnerability may come, for instance, from a malicious Android app. Not so long ago, Reddit users noticed a clone of WhatsApp in Google Play. Its store page was nearly identical to the official messenger’s page. The publisher’s name had an extra, barely noticeable space in it. That app was downloaded more than 1 million times before it changed its name and image.
Can you be sure that the next trustworthy app you’ll download will not actually be a clone?
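The clone relied on a publisher name that looks the same on screen but is a different string. The following added example (not from the original article) shows how such a name can be checked against names you already trust; the allowlist and the sample strings are constructed for illustration.

```python
import unicodedata

# Constructed allowlist: publisher names the user has verified (assumption).
TRUSTED_PUBLISHERS = ["WhatsApp Inc."]


def hidden_chars(name):
    """List code points that render blank or invisible but are not a plain space."""
    return [
        f"U+{ord(ch):04X}"
        for ch in name
        if ch != " " and unicodedata.category(ch) in ("Zs", "Zl", "Zp", "Cf", "Cc")
    ]


def skeleton(name):
    """Comparison key: NFKC-fold, drop invisible characters, collapse spaces, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    kept = "".join(ch for ch in folded if unicodedata.category(ch) not in ("Cf", "Cc"))
    return " ".join(kept.split()).casefold()


def check_publisher(name, trusted=TRUSTED_PUBLISHERS):
    """Return (verdict, hidden code points) for a publisher name shown on a store page."""
    if name in trusted:
        return "trusted", []
    if skeleton(name) in {skeleton(t) for t in trusted}:
        # Looks identical on screen, but the underlying string differs.
        return "lookalike", hidden_chars(name)
    return "unknown", hidden_chars(name)


if __name__ == "__main__":
    # Constructed samples: a no-break space appended, and a zero-width space inserted.
    for sample in ["WhatsApp Inc.", "WhatsApp Inc.\u00a0", "Whats\u200bApp Inc.", "Other Dev"]:
        print(repr(sample), check_publisher(sample))
```

This catches extra or invisible whitespace only; names built from visually similar letters of another alphabet need a separate confusables check.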
If you think you are safe with your iPhone, think again. Just weeks ago, security experts found a Wi-Fi bug that would allow hackers to hijack your iPhone and install malicious apps. For more of the security holes that are found every now and then, simply visit the pages of every new iOS update.
For instance, iOS 11 alone brought patches for eleven vulnerabilities, involving maliciously crafted iBooks files, iMessage messages that crash the device, an Exchange setup able to erase an iOS device, and so on.
5. Keep all your connected devices up-to-date.
Again, that is just good practice to make sure all the already discovered security issues are addressed. The bugs not yet found will remain.
Of course, there are more tips on the Internet: turn off UPnP and Telnet, enable two-factor authentication, and so on. But in the end you can never know if you have done enough to protect your system. Why?
Because all these tips do not give you enough control over what is happening in your network.
It looks like the only way to be in control of everything that is going on in your network is to set up a firewall.
A firewall is a security system that manages all incoming and outgoing network traffic. To make the best use of it, you will need to dive deep into network security, get to know your devices and apps pretty well, and set up the necessary rules and filters.
Moreover, to make it work 24/7, you will either need to keep your PC/Mac running at all times, or install a separate firewall device.
The good news is that the market already offers a broad spectrum of such devices, and some of them are pretty simple to install, set up and manage.
The only question is:
Are you ready to get one more device in addition to your smart home setup and learn Network Security 101 just because your smart home devices are still vulnerable?