8 Immediate Steps to Take After Your Smart Home Is Hacked
If you suspect your smart home has been hacked there are steps you can take to stop the intruder.
It seems like almost every day you hear about a smart home device being hacked. While there are no firm numbers on how common it is for hackers to gain access through home hubs, smart speakers and other internet-connected devices, it does happen. If you suspect your home has been hacked, here are the steps you can take to deal with the intruder.
1. Don’t Panic
The thought of a stranger getting access to your life is scary, but don’t panic. Knowing you have an intruder is a huge step. “So, you were lucky enough to know your smart home was hacked — congratulations!” says Steve Povolny, the head of McAfee Advanced Threat Research team. “What do I mean by this? The unfortunate reality is that most homeowners will likely never be the wiser when a threat actor [an individual or a group posing a threat] has compromised one or more of their home devices. After all, the number one priority is stealth. Whether your home was used as part of a distributed botnet [a network of computers that have been linked together by malware], or surveillance footage of your camera was exfiltrated to the Internet, you have a problem on your hands, but at least you know about it.”
2. Reset or Reboot
Do a hard reset or reboot of the affected smart device(s). Povolny says this doesn’t guarantee the hacker will be bumped off your device, but it’s a good start. Check with your device’s manufacturer for instructions on how to reset your device. A quick Google search of the manufacturer’s name should bring up their website. Typically you can find their helpline contact information on the manufacturer’s website under the About, Help or Contact link in the menu.
3. Update Your Router
Alan Grau, VP of IoT for Sectigo, a provider of web security and automated PKI management solutions, says older routers are more susceptible to hackers so an upgrade may be in order. Be sure to look for routers with built-in DDoS protection for better security.
4. Secure the Router
Making sure your router is secure is an important step after you’re hacked, Grau says. To secure your router, complete these steps. For help consult your router’s manual or contact the router’s manufacturer.
Verify that the router’s firmware is up to date
Change the admin password on the router
Make sure WPA2 is enabled
Disable WPS and UPnP
Enable the firewall features of the router
Set up a separate guest WiFi network if supported by your router
5. Change Your Passwords
Next, create new passwords. “Password changes should encompass your network router, WiFi password, all network-connected device passwords (‘smart’ or not) and potentially even passwords stored or used during your browsing session since the network was compromised,” said Povolny. “Attackers may have been able to snoop on your network traffic to your email, social media, banking websites and much more.” Make sure none of your passwords are duplicates, and they are complex enough to thwart new attacks.
6. Enable 2nd-Factor Authentication
Now that your passwords are changed, enable 2nd-factor authentication on your accounts and apps that allow it. Proving who you are with more than just a password adds another layer of protection.
7. Isolate Your Devices
Once passwords and accounts have been updated, Povolny recommends isolating the devices on a separate network, physically or virtually. “This can be done from nearly every router on the market, and provides a barrier between home automation devices and your home network, where your computers and smart phone typically browse from,” said Povolny. Your router’s manufacturer should be able to walk you through the process.
8. Do Your Research
Finally, when purchasing your next smart home devices, research the security features. “If the device is rated as having poor security, consider a different vendor,” said Grau. “Personally, if I cannot change the password on a device, I won’t purchase it. To me, this is the most basic security requirement that any device should have and without this basic capability, the device is defenseless against attacks.”