Smart homes are incredible when they work well, but undoubtedly a headache when they don't. Between internet-connected cameras, cloud relays, microphones, and a mixture of connectivity options like Wi-Fi, Bluetooth, Zigbee, and Thread, the convenience comes with an element of risk. Before taking the plunge, there are a few questions you need to ask yourself first to appropriately design and roll out your own smart home in a safe and secure way.

What's your threat model?

Analyzing what can go wrong

Before getting into anything relating to smart homes and potentially leaking data, you first need to identify your threat model. A threat model is a structured process for identifying, analyzing, and mitigating potential threats to whatever it is that you're trying to protect, so in this case, it would be your home. Identifying your threat model allows you to properly prioritize the risks you need to protect yourself against.

A good place to start would be to list out your most likely threats, so that you can come up with a plan to deal with each. These could be:

  • Burglary
  • Account hacking
  • Unauthorized remote access
  • Data loss
  • Intrusive landlords

Everyone's threat model will differ, so it's up to you to figure out what's most likely to be an issue for you based on where you live and what you intend to deploy.

What data is being collected, where is it being saved, and can you self-host it instead?

Be aware of where your data lies

When you don't own the data associated with your smart home, it can be harder to ensure that it's effectively protected. Some cameras can only be accessed through the cloud, whereas others can be accessed offline either by design or with some research. It's worth creating a data map to figure out how different devices connect, and it can look something like this:

  • IP Camera: Dual access
  • Power plugs: Zigbee, local only
  • Smart lights: Cloud only

For some devices, cloud-only access may be unavoidable, but others likely have local-only or dual-access alternatives. With a local-only device, chances are you can use another software tool like Home Assistant to essentially give you cloud-style remote access anyway, combining the best of both worlds and giving you full control.

If you can self-host your own smart home solution, that's the best option by far. This isn't feasible for everyone, but if it is for you, then it's definitely the path worth going down.

Can it work when you don't have internet?

A light switch shouldn't need internet

When there's a cloud outage or your internet is down, you shouldn't suddenly struggle to flip a light switch. I built my smart home with a local-first approach, so when I switched ISP and went without internet for approximately twelve hours, all of my local processing still continued to chug along as if nothing had happened. I could control my lights, still pull data from my smart plugs, and still see my home CCTV in Frigate.

While there are some unavoidable consequences of a network outage when it comes to functionality, your home essentials that would still exist without any smart devices should continue to work at the bare minimum. If you know that it won't work that way with what you're looking to build, it might be worth reimagining your setup and what you can do to change that.

Network outages are unavoidable sometimes, and it can be incredibly frustrating to not be able to do something as simple as flip a light switch in your living room because you can't connect to external servers.

Are you using network segmentation?

Cameras and microphones especially need to be carefully guarded

When building your smart home, it's good to ensure that your devices aren't connected to the internet, or at the very least, can't easily connect to the rest of your devices. While this mostly applies to cameras and microphones, any device can potentially be a vector to gain access to your network.

To use an example of how a smart bulb could be used to gain access to someone's home network, CVE-2020-6007 describes an attack where someone could use a Philips Hue Zigbee light bulb to achieve remote code execution on a device in your home network. From there, it could do anything on your network, and that's just a light bulb with a gateway. To sum up the attack:

In the end, we managed to infiltrate a home/office network using a laptop and an antenna, by taking over a smart lightbulb and using it to attack and take over the controller that manages all of the lightbulbs and is connected to the traditional computer network.

So no matter what kind of device it is, it's a good idea to set up robust firewall rules or use a VLAN. While many routers and mesh networks have an "IoT network", these don't always use a VLAN, and devices can still cross-communicate. Don't be lulled into a false sense of security as a result.

How will you access your smart home remotely?

Don't just port forward on a public IP

If you need to access your smart home remotely, or think you'll need to, then you'll need to very carefully weigh up your options. Right off the bat, there's one thing you almost certainly shouldn't do: don't port forward a control panel or service aggregator (such as Home Assistant) on your home IP address. The internet is a scary place filled with automatic port scanners and brute forcing attempts, and it'll basically be advertised to the world.

Instead, do some research on more secure methods to access your devices. Services like Tailscale and Cloudflare Tunnels are significantly better options, as is a basic Wireguard VPN. You can also use tools like Pangolin or Netbird.

The point is to keep it simple, but don't throw security out the window in the name of convenience. Look into the available options and pick the one that will seemingly work best for you.
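As an added example that is not from the article: a small shell function that emits an nftables forward policy applying the two points above, an isolated IoT VLAN and VPN-only remote access, instead of a port forward. The interface names, the Home Assistant address 192.168.10.5, and the list of cloud-only devices are assumptions, and the WireGuard UDP port itself would still need an input-chain rule that is not shown here.

```shell
#!/bin/sh
# Constructed example: generate an nftables ruleset that segments an IoT VLAN
# and exposes Home Assistant only to WireGuard peers, never via a port forward.
# Assumed names: lan0 = trusted LAN, iot0 = IoT VLAN, wan0 = uplink,
# wg0 = WireGuard tunnel, ha_ip = Home Assistant host on the trusted LAN,
# cloud_only = comma-separated IoT devices that genuinely need internet egress.
# The input chain (allowing the WireGuard UDP port on wan0) is out of scope here.
gen_iot_ruleset() {
  lan_if=$1 iot_if=$2 wan_if=$3 wg_if=$4 ha_ip=$5 cloud_only=$6
  cat <<EOF
table inet iot_guard {
  set cloud_only {
    type ipv4_addr
    elements = { $cloud_only }
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # The trusted LAN (including Home Assistant) may initiate to anything
    iifname "$lan_if" accept
    # IoT devices may initiate only to the Home Assistant host, never elsewhere on the LAN
    iifname "$iot_if" oifname "$lan_if" ip daddr $ha_ip accept
    iifname "$iot_if" oifname "$lan_if" drop
    # Only the listed cloud-only devices get internet; cameras and local-only gear stay home
    iifname "$iot_if" oifname "$wan_if" ip saddr @cloud_only accept
    iifname "$iot_if" oifname "$wan_if" drop
    # Remote access: VPN peers reach Home Assistant's default port 8123 only, not cameras or the LAN
    iifname "$wg_if" ip daddr $ha_ip tcp dport 8123 accept
    iifname "$wg_if" drop
  }
}
EOF
}

# Write the ruleset for a constructed setup with two cloud-only bulbs
gen_iot_ruleset lan0 iot0 wan0 wg0 192.168.10.5 "192.168.20.50, 192.168.20.51" > iot_guard.nft
```

Check the syntax with `nft -c -f iot_guard.nft` before loading it with `nft -f iot_guard.nft`.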


Updates, end-of-life, and replacement strategy

What happens to your devices, long term?

When it comes time to upgrade older devices and replace them, or to handle an end-of-life event for your devices, you should have a plan for how you approach it. An end-of-life strategy for an IP camera might be to completely lock down its network access and upgrade as soon as possible, whereas for a light bulb it might just be a shrug of the shoulders: ensure it can't access most devices, and move on with your life.

Your strategy here partially goes back to your threat model: what do you care about? What potential risks are there? Does the device have any sensitive data on it? If it does have sensitive data and you choose to upgrade it, making sure no personal data tied to you remains on the old device is incredibly important, so that someone else can't find it and potentially pull that data.

Knowing how you'll handle devices that you replace or that reach end-of-life should inform which devices you purchase in the first place. Many devices never see an update, and if you're confident that you can lock them down and protect them yourself, then that mightn't be too much of an issue.