A Military Approach for a Secure Smart Home

Sri Lanka Telecom in the late 90s introduced the worst metaphor I have ever heard when they referred to their Dial-Up Internet plans as “The Information Superhighway.” Dialog called their Internet plans “Your ticket to the Global Village.” Internet Service Providers use a variety of fancy terms to attract customers. They paint a beautiful picture of what the internet is like. What they did not tell you was that you are stepping into a battlefield every time you connect to the internet from your PC, Laptop, and maybe the smartphone or tablet. Today it’s not just the individual devices that connect to the internet but entire households that we call “Smart Homes.” In Sri Lanka also SLTMobitel and Dialog Axiata offer smart home solutions. In Sri Lanka, both SLTMobitel and Dialog Axiata provide smart home solutions. Dialog promotes its service with the slogan “Bringing Your Home to the Future. Today!” while SLTMobitel uses the slogan “Make Home Sweet Home, Sweeter!”

What they aren’t telling you is that you are entering into an active warzone the moment your house becomes smart. In a Smart Home, everything is Smart. Smart Lighting, Smart Refrigerators, Smart ACs, Smart Burglar alarms, Smart Smoke alarms, Smart Coffee Maker, Smart TVs, Smart Power Sockets, and even Smart Extension Cords, but they are smart only as long as they are online in one way or the other. In essence, they connect your entire house to a digital war zone. So today I want to walk you through a step-by-step guide that I like to call “A Military Approach for a Secure Smart Home”—You may want to call me a prophet of doom, the king of paranoia, a conspiracy theorist, or whatever you want to but I shall not sugarcoat the situation neither apologize for being blunt because this post is a warning to heed, not another blog post to make you feel good or give you a false sense of security. So, keep on reading. Who knows? If you are lucky some of my smartness will rub on you.

Compartmented Smart Home

In military strategy, compartmentalizing is the process of limiting access to information to persons or other entities on a need-to-know basis to perform certain operations. That way if a soldier is captured, the enemy can extract only the information he already knows. Then what do I mean by compartmentalizing your smart home? The ideal smart home has three categories of devices that connect to the internet—typical computing devices such as PCs, WiFi Printers, and Smartphones. Then we have the IoT (short for Internet of Things) devices connecting to a Hub like “Samsung SmartThings”. Then there is your CCTV network that connects to the internet. When I mention “compartmentalizing,” I mean setting up these devices on distinct networks. This way, your CCTV network doesn’t have any knowledge of what your Smart TV is up to, and your WiFi printer remains unaware of what your Amazon Alexa is doing.

Compartmentalizing your Smart Home can’t provide foolproof security, but it’s a prudent strategy to mitigate potential damage. By adopting this approach, you avoid the risk of placing all your digital assets in a single vulnerable basket. In the unfortunate event of a security breach in your CCTV network, it remains isolated and cannot compromise the network connected to Alexa. This segregation ensures that the breach in one area does not cascade into other parts of your Smart Home, preventing a situation akin to the high-profile security breaches faced by large retail chains like Target. In essence, compartmentalization enhances the resilience of your Smart Home system, limiting the scope of damage and reducing the likelihood of a widespread security breach. While it may not offer absolute security, it serves as a strategic layer of defense to safeguard your digital ecosystem and sensitive information from potential threats.

Make Body Search Mandatory

I’m not talking about body searching your guests for hidden firearms, sharp weapons, or suicide vests. Rather scanning the traffic that enters your home network for malicious content capable of helping cyber criminals cypher your confidential and sensitive information. For example, many unsuspecting Sri Lankans had become victims of the recent phishing attack that mimicked the Sri Lanka Post Website [Full Story]. The solution is to connect your Smart Home to OpenDNS. This freemium service is capable of scanning your browser requests and blocking the threats among its other functionalities such as improving the loading time of the websites you visit. All you need to do is to point the DNS servers in your router to those provided by OpenDNS. While the process is quite straightforward in routers provided by SLT, it’s a bit tricky with Dialog. Drop me an email if you need help and I will assist you.

OpenDNS functions as a Parental Controller also. This is an important feature because your children could be the weakest link in your security chain. A visit by one of them to The Pirate Bay for downloading the torrent of a pirated game could expose your “Nest Hub” to a “Drive by Malware” attack essentially exposing your Smart Home to the entire world. Cyber Criminals often infect torrent, and warez websites because millions (if not billions) of internet surfers visit such sites every day. The same story goes for pornography. Cyber Criminals often target pornography websites due to increased chances of spreading malware through them because of the high-volume traffic. OpenDNS is designed and operated with all of these threats in mind offering you a strong line of defense against a wide spectrum of threat actors. Get it today and thank me later!

Invest in the Great Wall of Fire

The Great Wall of China was Emperor Qin Shi Huang’s answer to hostile invading forces. Today the Chinese citizens have not only the ancient Great Wall of China but the modern Great Fire Wall of China as well! Officially known as “The Golden Shield Project” it has been active since the year 1996. The goal of the project is to shield Chinese residents from certain information that China considers to be counter to the best interests of the government and the people of China. The firewall blocks entire websites and filters content on sites that are not completely blocked. There are two types of firewalls. Software Firewalls and Hardware Firewalls. In this post, I am talking about Hardware Firewalls. About 30 years ago Hardware Firewalls were primarily used by enterprise-level networks. Home internet users did not need them. The situation has changed with the advent of Smart Homes.

Some experts say that Smart Homes don’t need a dedicated Hardware Firewall because SoHo (short for Small Office and Home) routers are equipped with a firewall that we call NAT (short for Network Address Translation). Well, they are right. However, just like any other device connected to the internet SoHo router firmware must be patched occasionally because cyber criminals discover new vulnerabilities daily. Regrettably, most home users rarely bother to update their outdated router firmware or upgrade their old equipment unless these devices completely fail. This is why a properly configured Firewall is an essential line of defense in every Smart Home. In case you wonder why you can’t just use a software firewall; you can’t take a knife to a gunfight. If you do you will be outgunned. Zenarmor has a list of 11 Hardware Firewalls it recommends for Home and Small Offices if you’re interested.

Note: Many of these devices cannot be bought in local stores, so you’ll need to place an order on Amazon. If a seller doesn’t deliver to Sri Lanka, you can explore the Kapruka Delivery Service as an alternative. This service will buy the item for you and ship it to Sri Lanka at the most affordable rate.

Sweep the Perimeter Regularly

In the context of military applications, the term “sweeping the perimeter” refers to the systematic patrolling of an area, whether outdoors or within a structure, by individuals such as soldiers, police officers, or security personnel. The primary objective of this activity is to ascertain the absence of any potential disturbances or issues within the designated area. In your Smart Home, your router marks the beginning and the end of the safe zone. It marks the inner perimeter and outer perimeter of your home network. On the other side of the perimeter is the internet the active war zone. Now here’s where it gets interesting. Unlike servers, client devices are not designed to accept incoming connections. Then how can you log in to the online dashboard of your Smart Home from literally anywhere in the world and switch on the lights at night? It’s because your Smart Home hub has a legitimate component that initiates outgoing connections to predefined servers and cloud services.

It’s like a locked door that you can’t open from outside but someone from inside can open it for you. Cybercriminals use the same principle in general to break into your Smart Home. Here’s how they do it. When an attacker takes interest in your home network, they probe it from the outer perimeter for potential vulnerabilities for exploitation. (A kind of electronic “recon” operation) These vulnerabilities range from a Laptop with an outdated OS and a poorly configured CCTV network to a Smart Refrigerator with outdated firmware. A successful probe allows an attacker to discover vulnerable devices in your network and drop a “backdoor” an illicit component that initiates an outgoing connection to a Command and Control Server operated by the attacker allowing him to infiltrate and take control of your Smart Home. Yes. You’ve got a Firewall but you also have a backdoor that opens the network to an attack.

The solution is to sweep your network’s internal perimeter but what do I mean by sweeping the perimeter regularly in the context of network security? It means looking for anything that is out of place or not right. You can start by checking the Firewall logs. These logs are a treasure trove of information because they record every single event in your network. If you don’t know how to read it, refer to the user manual, or get someone who knows. Then see that all the Operating Systems and Firmware Devices have the latest patches. Confirm the antivirus software is running and up to date. Look for IoT devices that children may have messed with leaving them misconfigured. Finally, see to it that none of the devices in your network are secured with factory default passwords. If you find any change those passwords immediately. If you can afford it hire a professional to audit your home network once a year.

Wrap Up

If you’re worried after reading this post, I’m glad you’re because you should be (I am not a cyber security expert but an enthusiast with plenty of practical experience in the subject.) The threats are real and they are growing wild by the day. It’s not just the black hats we’ve to worry about today because even the governments are breathing down our necks. In my view, the primary reason our government isn’t actively monitoring us online is due to a shortage of resources and personnel. Otherwise, our politicians would likely seize the chance to engage in online surveillance. Cyber Crooks on the other hand began going after Smart Homes because unlike corporate networks Smart Homes are sitting ducks. Gaining unauthorized access to a Smart Home network is relatively straightforward and requires minimal effort. However, identifying such a breach can be complex and demanding. Most Smart Homeowners may not even realize that their systems have been compromised and that someone is monitoring their activities.

Gaining unauthorized access to a Smart Home network doesn’t require advanced coding skills or in-depth knowledge of network security protocols. With just a few thousand dollars, you can easily obtain powerful hacking tools from the dark web and launch an attack on your chosen target. This accessibility to hacking resources raises concerns about the vulnerability of Smart Home systems. Moreover, relying on Smart Home service providers like SLTMobitel or Dialog Axiata for security is not a foolproof strategy. These companies, despite their efforts, have faced their share of hacking attempts and breaches, highlighting the ongoing challenges in safeguarding connected homes. (It’s worth noting that while there may not have been reports of Dialog Axiata’s network being compromised, SLTMobitel has been compromised at least once. [Full Story] To put it simply, safeguarding your Smart Home is more challenging than setting it up initially.

---

If you found this content helpful, I kindly ask you to leave your feedback in the comments section below. Sharing it on social media would also be greatly appreciated. In order to promote meaningful and respectful dialogue, I request that you use your full name when commenting. Please note that any comments containing profanity, name-calling, or a disrespectful tone will be deleted. Thank you for your understanding and participation.