Learn

Personal Resource Center
Back

The Risk of IoT Devices in Your Home

There's no denying the pleasure and convenience of internet-connected home devices. Sending your vacuum to the living room while you're at work, unlocking the door from the beach for the cat sitter, or having the thermostat analyze your activity and adjust to minimize energy use are genuine lifestyle upgrades.

A growing number of households are embracing such quality-of-life enhancements. The number of North American homes with one or more smart devices — also known as the Internet of Things or IoT devices — grew by 12% between 2021 and 2022, making 39% of households "smart homes," according to Berg Insight.1 On the flip side, studies also indicate that developers of various gadgets tend not to make security a top priority. And with that, introducing the latest technology tends to put more of an onus on the consumer to understand how secure a product may be.

Accordingly, here's another growing number to consider: There were 112.29 million malware attacks2 on IoT devices in 2022. There's good reason for fraudsters to target these devices. According to a 2022 study3 on security perceptions of IoT devices in homes, users tend not to check defense settings on these devices but still feel they're quite safe. And while the threat of someone commandeering your smart washing machine may sound more silly than scary, an unsecured IoT device can act like an open door to every apparatus on your network — like your computer or your home security system.

Are your beloved IoT home devices exposing you to security risks? Here are some of the ways they can compromise your security and what you can do to protect yourself — without losing those amazing smart home benefits.


Smart Home Device Security Risks

The most common risk associated with smart home devices, according to a 2023 study4 in the journal Computers in Human Behavior, is privacy intrusion. This encompasses threats to your data security and privacy, as well as your family and home's physical safety.

The harms these risks can expose you and your family to include5:

Data Security

With access to your IoT home device data, criminals can target your personal information, resulting in identity theft and financial fraud.6

Cybercriminals can also hijack your device in service of a distributed denial of service (DDoS) attack7. In this case, your device isn't the target, but becomes ammunition used to take down someone else — often a large corporation or government entity. Criminals launch DDoS attacks to jam up organizations' websites, which can harm their business or reputation. Attackers often ask for a ransom to restore the website. To launch a DDoS attack, criminals need to control an army of devices — and an unsecured connected home device is an ideal target. You may not even know if your device is part of a "zombie network" or "botnet" used for a DDoS attack, but it could slow it down or make it behave unexpectedly.

Personal Privacy Invasion

Cameras and microphones are standard features in smart home devices. But when they aren't secured, footage can be stolen, and conversations are vulnerable to eavesdropping. Why would anyone want to spy on your family? It's often about voyeurism and inflicting terror. Families have reported hackers talking to their children at night8 through baby monitors and telling them their home was about to be bombed9 just to watch them scramble on a hacked camera. Additionally, sensor data, such as your fridge not opening for a few days, can signal to criminals that you're away.

Physical Safety

Criminals who gain access to your smart door locks, security systems, fire detectors, smart plugs and more can put your safety and your home security at serious risk. While criminals' motives for attacking security systems may be obvious, messing with other devices can be about harassment — like making a carbon monoxide alarm go off10 or setting a smart thermostat to 90 degrees11 in the middle of the night.

target icon

There were 112.29 million malware attacks on IoT devices in 2022 — yet users tend not to check the security settings on these devices.

Cyberstalking

A less studied but concerning risk cited in the Computers in Human Behavior research is the potential for cyberstalking and exacerbating domestic abuse. Escaping an abusive or controlling relationship, for example, could be much more difficult if an abuser is monitoring their partner's behavior through smart devices.


How IoT Security Breaches Happen

Criminals can gain access to your IoT devices in a variety of ways, including:

  • Weak Device Security. Cybersecurity may be the last thing on your mind when buying a smart vacuum or fridge. Unfortunately, it's not top of mind for many consumer electronics companies as they rush devices to market, either. A 2021 study12 by Euroconsumers found that 10 of 16 common smart home devices had security vulnerabilities — 54 weak points, in fact, among the 10 devices.

  • Unsecured Networks. If your devices share a network, any data stored on the network — from when you last used your smart coffeemaker to smart TV data — is vulnerable to intrusion13 if any device on the network gets hacked. And if your computers are on the same network, they can be exposed as well. This security weakness could expose your workplace, too, if your smart home devices are using the same network as your work-from-home devices.14

  • Smartphone Hacking: You can control your IoT home device through your phone, but if a criminal gains access to your device, they may also be able to gain access to your phone.

How to Protect Your Smart Home Devices

It's safest to assume that many of your smart home devices are vulnerable. But some simple safety measures can protect them from being compromised or becoming the point of entry for an attack on your entire home.

  • Put smart home devices on a guest network. Treat your smart home devices like guests in your home — guests who might bring a criminal as their plus one. If your computers are on one network and your IoT devices are on another, you close down an entry point to your most valuable data.

  • Lock your smartphone. This is good security hygiene with or without IoT devices in the mix. Strong passwords, effective security software and two-factor authentication on all of your devices can help keep criminals at bay.

  • Boost your router security. Buy a router that includes strong security measures. Then change the default username and password when setting it up, so hackers can't guess what type of router you have, which would aid them in hacking it. Enable your router's firewall15 and follow the device's instructions to use WiFi Protected Access (WPA) authentication16 for maximum security.

  • Update smart devices' software. You're probably used to updating software on your computer and smartphone, but some IoT devices offer updates as well. Some may be automatic; check your device settings for manual updates, too.

  • Run a home scanner. Wondering about your current home network vulnerabilities? You can run a scanner17 on your network to identify weak spots.

It's an exciting time for the IoT as home devices get smarter and more and more households embrace these technologies that make life easier. But as the market rushes to meet demand, device security may sometimes get lost in the shuffle. Cybersecurity technology company Bitdefender predicted in a 2023 report5 that "IoT security will get worse before it gets better."

In the meantime, protection is largely in the hands of users. But with these security measures and an awareness of where the dangers lie, you can keep your favorite smart home devices cleaning your floors, playing music, keeping your home secure, and controlling your heating and cooling— and still protect your home and family from cyber criminals.

Important disclosure information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Berg Insight, "The number of smart homes in Europe and North America reached 120 million in 2022," published April 17, 2023, accessed August 11, 2023.

     Back

  2. Statista, "Annual number of Internet of Things (IoT) malware attacks worldwide from 2018 to 2022," published May 3, 2023, accessed August 11, 2023.

     Back

  3. Lili Nemec Zlatolas, Nataša Feher, and Marko Hölbl, "Security Perception of IoT Devices in Smart Homes," Journal of Cybersecurity and Privacy, published February 14, 2022, accessed August 11, 2023.

     Back

  4. David Buil-Gil, et. al, "The digital harms of smart home devices: A systematic literature review," Computers in Human Behavior, published August 2023, accessed August 11, 2023.

     Back

  5. Bitdefender, "The 2023 IoT Security Landscape Report," published April 25, 2023, accessed August 11, 2023.

     Back

  6. Muhammad Hashir Ali, "Smart Home Security: Security and Vulnerabilities," Wevolver, published January 30, 2022, accessed August 11, 2023.

     Back

  7. Adrian Winckles, Andrew Moore, "How to spot a cyberbot – five tips to keep your device safe," The Conversation, published January 18, 2023, accessed August 11, 2023.

     Back

  8. @kurinadele, "Get rid of your wifi cameras!!!!! #owletcamera #babymonitorhack," TikTok, published May 5, 2023, accessed August 11, 2023.

     Back

  9. Jomilė Nakutavičiūtė, "How to protect your baby monitor from being hacked," Nord VPN, published April 17, 2022, accessed August 11, 2023.

     Back

  10. HSB, "Smart Homes: What Devices Can Get Hacked?" HSB Equipment Connection Blog, published October 14, 2021, accessed August 11, 2023.

     Back

  11. Ashley Sears, "'Felt so violated:' Milwaukee couple warns hackers are outsmarting smart homes," Fox 6 Milwaukee, published September 23, 2019, accessed August 11, 2023.

     Back

  12. Euroconsumers, "Hackable home project: Euroconsumers unveils worrying results for smart device owners," published September 1, 2021, accessed August 11, 2023.

     Back

  13. Kaspersky, "How safe are smart homes?" accessed August 11, 2023.

     Back

  14. Adi Gaskell, "IoT devices represent a security risk when working from home," Cybernews, published February 4, 2022, accessed August 11, 2023.

     Back

  15. Matthew Lynch, "How to Enable Your Wireless Router's Built-In Firewall," The Tech Advocate, published June 11, 2023, accessed August 11, 2023.

     Back

  16. Kaspersky, "WEP, WPA, WPA2 and WPA3: Differences and explanation," accessed August 11, 2023.

     Back

  17. Eric Geier, "5 Free Network-vulnerability Scanners," Network World, published March 9, 2021, accessed August 11, 2023.

     Back