Your Smart Home Is Stupid - IoT Security Explained

"No one would ever buy a smart toaster that ran on $400 Core i7." -- Well, if they used Core i9 12900K, they could use it as the heating element.

TheDoubleBee

Tech enthusiast: my entire home is smart and fully automated

Tech worker: the only piece of technology in my house is a printer, and I keep a loaded shotgun next to it in case it makes a noise I don’t recognise

TAPa

You would need to test to make sure your 2.4GHz cannot talk to devices on your 5GHz network. Another option is to just use your "guest" network function for both IoT and actual guests. Yet another option is to look for "client isolation" in your wifi settings, which will only allow devices to have outgoing internet access without getting to speak to each other.

dtemp

My favorite IoT breach was a smart AC unit inside a retail store, that was used as a jump point to get to the credit card DB, where they stole thousands of cards.

Karagoth

I'm on the "keep smart devices OFF the Net" side
keep only the hub on the Net
and of course behind a decent router/firewall
and of course kept updated
and of course without default or blank passwords

if a device only can work on Wi-Fi (or worse, requires a recurring payment), it ain't going in my home

youdontknowme

When James said "bad actors" and it showed the elderly couple, my first thought was "wow rude! All they are doing is looking at a tablet" forgetting that bad actors refers to hackers and the like. You rocked old people from stock footage!

elWhiteNinja

4:52 You were close here, but in most cases forcing IoT devices to 2.4 and using 5 GHz for other devices won't make a fudge of a difference since they will be on the same subnet, with full access to each other. Some systems might divide the frequencies in different subnets, but that's rare. The correct way is to use a dedicated SSID on a separate network with traffic between this network and your own limited and controlled.

JotaSE

Would love to see IOT device security testing as part of your lab

vstolpner

I’m currently taking a cybersecurity course at UC Berkeley, and one of the case studies we did was IoT security and a casino that got hacked via a smart fish tank thermometer

realazee

Never quite bought into this smart home idea haha. In general, it can’t hurt to research anything you buy to make sure you’re always protected.

GenericGamer

Definitely true. Although when I saw the title, I was thinking more about how fractured the market is (even though standards exist, many vendors do their own thing anyways), and how many "smart" devices are nothing more than voice controlled using a cell phone.

logicalfundy

One of the best advices I heard about IoT devices is that put them on a guest network with a strong password and your normal stuff on your main network. This will add another layer of protection if one of the IoT devices gets compromised and doesn't effect your entire network.

ecromancer

I think the "Smart Toaster" needs an I9 with only passive cooling... that'll heat the toast up really nicely!

cortneywebb

This does not look like the real James.

This looks like CGI James played by Linus.

King_DarkSide

Lol only thing smart in my house is my PC. I've never bothered "upgrading" anything to their "smart" versions mainly because of cost, but also because of the lack of convenience and needing to either buy everything in a single ecosystem or having to deal with multiple ecosystems. But the security concerns are also there.

cardsfanbj

I work in embedded security and there's a serious push to add secure provisioning to MCUs for IoT, AIoT and IIoT. the EU is looking at ETSI 303 645 too. Might be cool for LTT to look at producing a video on this? Happy to discuss further.

JooshyBaby

I can't think of the added security you'd get from putting the iot devices on the 2.4 ghz network. If they're still on the same physical network (aka the 2.4 and 5 networks are broadcast from the same router, there is literally no difference.

mikehudsonsucks

Back in the 80's I had a gadget called a GE Homeminder. The thing had a Z-80 processor and controlled X-10 modules. You'd program it using a remote control and graphics of rooms of a house on a tv screen. To set up say a lamp in the living room you would put a cartoon lamp in the cartoon living room and assign it the code you'd set in the X-10 module.

The devices could be programed, or you could even call the Homeminder (if it was plugged into a phone line), and you could punch in touch tones to control devices.

It worked really well, and with all our technological advances I've yet to see anything that worked as well and was as easy to use that that bit of mid 80's technology.

JeffDeWitt

I do have to ask how placing a device on 2.4 and other on 5 ghz networks would protect your devices. If you're on the same network regardless of 2.4 or 5 ghz you will not isolate them from the other devices. A "segmented" network would be the more proper solution so that they can only talk to devices in the same subnet.

kclubb

Old news, but it's good that someone informs people, WiFi thermostats is not worth the security risk.

ThePaalanBoy