Smart Home Security

Who Has Access to Your Smart Home?

You’re sitting in your living room, watching television, when suddenly the lights in your kitchen turn on. You get on your tablet, check the cameras in the kitchen and the rest of the house, and see that you’re the only person there. Not sure what’s happening, you lock all the doors using your tablet, and call the police.

In today’s modern tech world, homes are evolving every day, accommodating more technological advances to meet consumer demands. Any device that can be plugged in to a wall outlet can be added to a controlled home network. Everything from your refrigerator to your security cameras and even the locks on your doors can be controlled using your phone or tablet from anywhere you are.

As smart home software and technology become more customary in homes across the US, the dangers of a cybersecurity attack increase. Smart home devices are controlled using a Message Queuing Telemetry Transprt (MQTT) protocol. While this MQTT is secure, if it is configured incorrectly or not password protected, hackers could gain complete access to your home. Once access is gained to a smart home’s MQTT, hackers are able to read signals such as turning off a light or shutting a door, and also control any connected devices such as a garage door or the lock on the front door.

In addition to hackers, another possible danger could be trusted persons with access to the network. For example, an estranged spouse no longer living in the home could still have access to the network, and with the ability to control things in the house such as the lights or the locks, a distressing divorce can become a dangerous situation.

Law Enforcement

For law enforcement, it appears the only reliable way to see who has access to a smart device in a home’s network, is by contacting the service provider for the particular device. The data is gathered by the smart assistant device, such as Amazon’s Echo with Alexa, and held by the commercial retailer of the smart assistant.

While previously, it appeared as though smart home data was covered by the Stored Communications Act, meaning police would only need a subpoena or a specialized court order to compel the service provider to provide police with the data, service providers frequently reject anything less than a warrant, and recent case law appears to support them. Although case law is limited on this particular topic, at least one court (The 7th Circuit in Naperville Smart Meter Awareness v. City of Naperville) has held that the Supreme Court’s decision in Carpenter (police need a warrant to obtain historical cell site location information from a suspect’s phone service provider) also applies to smart home data.

Public Awareness and Prevention

Some good practices for maintaining the security of your smart home include keeping all Wi-Fi and home network applications password protected, not sharing your password with anyone that isn’t a known or trusted person, and if you think your password has been compromised, change it immediately. When it comes to keeping your home protected from any network intrusion, the Online Trust Alliance developed a Smart Home Checklist for homeowners who might not understand the depths of just how connected their home is, to maximize the security and privacy in their home. Some of the points listed include reviewing a device’s warranty and support policies, and changing the privacy and data sharing settings.

While the advancements of smart home technology offer peace of mind and convenience to users, safety and security of the home should always be the top priority.

IACP Conference