Let’s face it, technology runs our lives. We let it because it’s pretty cool and convenient to click on an app and turn on our vehicles or change our home lighting to appear as though we are home.
But then there is the dark side. Like all technology, our smart home systems can be hacked. Maybe you’ve seen the stories about people taking over baby monitors or home security software. None of us want to have our electronics compromised, let alone those that keep our homes safe and secure.
The risk of getting your home hacked is no joke. Check out Feedback Friday episode 391 for a real-life example where one of our listeners had her home hacked by an ex-boyfriend. Here’s what you can do if it’s happened to you.
Only as Secure…
A security system is never more secure than its weakest link. Within your smart home system, there is that one device that is more vulnerable and offers a hacker the way in that they are looking for. Once a hacker gets in through a desktop, laptop, or home hub, they could start getting access to passwords, security certificates, and other devices on the local network regardless of how secure they are.
Just because a hacker found that weak link doesn’t mean you are dumb. The reality is there are people out there who spend endless hours looking for these types of vulnerabilities. They get good at it. Meanwhile, you trust that tech companies are living up to their promise of unhackable devices. We all want to believe these companies, but they really shouldn’t say what they know is impossible to do.
Action Plan for a Hacked Home
Okay, so your home was hacked, but this is not the time to feel dumb. It’s time to take action.
Wipe vulnerable devices.
One of the first things you want to do is get the vulnerable device, such as a computer, wiped. Companies are available that also do what’s known as “device hardening” where they wipe phones, laptops, and other devices completely clean. They also check the devices for rootkits, do a clean reimage, and perform a lockdown with all security patches.
Perform a security audit.
Google and Amazon allow you to audit the devices that connect to your account. Every device that logs into your Google, Amazon, and Microsoft accounts is issued a unique secure token that lets the device keep connecting without you having to enter your password over and over. Frequently, these security tokens stay valid even after you change passwords. But you can audit the devices on your account and de-authenticate tokens that you don’t recognize. You can do this with most of your smart home devices, too.
Put Wi-Fi on pause.
Also, turn off Wi-Fi entirely in your house if you can for a few weeks. That’s probably one of the hardest parts of this whole process. See if you can borrow your neighbor’s Wi-Fi temporarily.
Another option is to use your phone as your Internet connection. If you’re not streaming a bunch of stuff and just checking email, then this approach won’t use a lot of your data. Also, when using your computer, you can use 4G to surf the web rather than Wi-Fi because it is far more secure than Wi-Fi. Or, use ethernet and hardwire your home office.
Secure devices and network first.
This is a good strategy for moving forward, but it doesn’t solve the hacking problem. At the very least, once you wipe the computers and you’re not using them, then you’ve made yourself a harder target. You can use a VPN, but it’s not really going to help you in this situation. It will help after making sure your devices are wiped and secured and your network is secured. Otherwise, you’re just the weakest link again.
Add MFA (Multi-Factor Authentication).
Password managers do help. However, multi-factor authentication (MFA) through an offline secure authenticator app is the most effective way to keep hackers out of your accounts. Two free examples include Google Authenticator and Microsoft Authenticator. Avoid any MFA tools that need to send your phone a text message.
Enlist the neighbors’ help.
If you suspect someone is also breaking into your home after hacking it, you can ask your neighbors if you can put a security camera in their window, facing your house. This way, if a device pops up on the hacker’s network list, it will be the neighbor’s and not yours (even though it actually is yours!). This can help you get the evidence you need to disprove the crazy theory.
Get expert assistance.
Some hackers have mad skills that just simply wiping your device won’t address. Unfortunately, you may have to replace your devices. Or, if you can find a specialist with good computer knowledge, they may be able to uncover all the tricks of the trade and shut down access points you didn’t realize the hacker created to regain control at any point.
It’s a good idea to buy new devices and cameras from a store rather than your Amazon account. That’s because the hacker could already have access to that and see exactly what type of security products and equipment you are ordering. It sounds like science fiction or a spy movie, but it’s better to be safe.
Follow an order of operations.
One of our listeners who has worked as a digital forensic investigator noted that your tactics for dealing with a hacked home must follow a certain order of operations, as shown below:
- Back up any important data to an external HDD. Phones can be backed up and cloud backups sometimes work, but it’s best not to take a chance.
- Get a new phone or, if you have the skills, securely wipe and reimage your old phone. Do not yet add your online accounts to this phone.
- Install an Authenticator App.
- On a new or clean computer, add MFA to your online accounts using the authenticator apps and change all your passwords for everything.
- Go into Google, Amazon, Apple, and Microsoft’s online systems and disable all devices registered to your account. This will invalidate any tokens a hacker might be using to access your online accounts or devices. All of your phone, tablet, smart home, and laptop devices will stop connecting to your accounts.
- Wipe and reimage all your computers (or buy new ones).
- Using a new or clean secure computer, check your router, firewall, and devices for security updates.
- Sign all your devices back into your accounts and provide the MFA codes using the authenticator app.
I’m not here to provide legal advice, but I do recommend that you take what evidence you have of the hacking and go to a lawyer with it. They can provide insights about how to get an order of protection or restraining order from the home hacker.
Take Back Your Home
Beat the hackers at their own game and get your smart home back!
[Featured photo by Bermix Studio]