Smart Home For Beginners – IoT Security


This is a series on home automation basics. I’ve been covering some of the essentials like scenes & modes, automations, voice assistants, and in this one, how to secure your smart home devices. In the last video I walked through voice assistants and how to use them to make your smart home more accessible. If you haven’t seen that one yet, I’ll include links in the description. You can also jump back to the beginning of my home automation basics playlist to see topics like scenes, routines, and geofencing. But as I mentioned, in this video I’ll be jumping into securing your smart home. With each smart home device you add, it’s like adding another tiny door into your home for someone to hack open or take advantage of.

While I will be giving examples from different systems like SmartThings, Google, Amazon, and others, this is meant to be a platform-agnostic view on home automation. These core concepts apply no matter what system you’re using. If you’re just getting started, then this is the series to watch. If you’re already building out your smart home, this may still spark some ideas. Before we dive in, take a moment and hit the subscribe button, so you don’t miss out on the full series and other future videos like this one. I’m Matt Ferrell … welcome to Undecided.

It’s enticing to save some money and buy a no-name brand for $5 vs. paying $25 for a brand you’re familiar with. The problem is that each of these devices is a little computer running a basic operating system. Not every company takes the time to build out their computer systems with the care and attention they require, so they may be running outdated software that has security vulnerabilities that were never patched. Or they have default administrator usernames and passwords, which make it easy for a hacker to take control of the system and then run amok inside your home’s network. Internet of Things manufacturers aren’t spending enough time securing what they’re building, so it’s on us to make sure we’re buying reputable devices and taking steps to secure our homes.

If you don’t think this is a wide problem, then you should check out an HP Research Study that found 70% of IoT devices were vulnerable to attack. Or watch Ken Munro’s TED Talk where he talks at length about how easy it is to hack a lot of smart tech. Twitter suffered a denial of service attack in October 2016 that was run from 300,000 hacked home security cameras. This isn’t a problem that’s going away on its own. Here are a few rules I strongly recommend you follow:

Don’t buy IoT devices from a vendor unless it has proven security

The old saying that, “if it seems too good to be true, it probably is,” is sometimes the case. Don’t jump on the cheapest options you find without doing a little research first. Look up a manufacturer to see if there are any customer complaints or issues reported with software problems. See how long they’ve been in business and what their track record is for pushing updates to their products. Have they been in business for multiple years or are they brand new? Reputable companies will have details on their terms of service and privacy policies, so you can often find out where the servers are located and what countries and laws will be protecting your privacy. It’s important to know as much as you can about a company before you plug its device in at your home.

Put your devices on a separate network

Try your best to limit the number of devices you put onto your home WiFi network. On a practical level, too many devices on a WiFi network can end up causing instability in your network. A rule of thumb is to not go over about 50 devices on a single consumer grade router. There are some that can handle more, but it’s generally not a good idea.

Every device that you add to your network can see every other device on your home network. So one path to secure things would be to get a separate WiFi router on which you can run a secondary network isolated from your main system. Put all of your home computers, smartphones, etc. onto the main WiFi network. And then put all of your IoT devices on the second WiFi router running a completely separate gateway. This will make it impossible for any IoT device to see your home PC, Mac, or smart phone.

Another option that many routers include is a guest network. For instance, I use the Eero mesh WiFi system for my home network. I can run a completely separate guest network, which isolates anything on that WiFi network from seeing not only my main WiFi devices, but from seeing any other devices on the guest network. It’s like putting a tiny firewall around every single device on the guest network.

And for Apple users, Apple announced a new secure WiFi setup as part of Apple HomeKit (https://www.theverge.com/2019/6/3/18646453/apple-homekit-support-smart-home-security-routers-wwdc-2019). It’s basically Eero’s guest WiFi technique brought to HomeKit. Any supported HomeKit router will be able to automatically firewall off HomeKit accessories, so they can’t access your full home network. Linksys, Eero, and Spectrum are the first companies signed on to support that new feature.

Make sure your devices are running the latest software

Many devices have firmware updates that come out from time to time to fix bugs, add new features, and to plug security holes. My Philips Hue hub has received numerous updates over the years, but you often have to keep an eye out in that device’s mobile app for those updates. I’ll often see a notification icon on my Hue app that there’s an update to apply. Be sure to check your Hue app, or iHome app, or fill in the blank app, from time to time to see if there are any software or firmware updates available.

So that’s the last of this initial set of videos, but keep an eye on this playlist and the channel because I’ll be adding more to it over time. Be sure to drop any questions or aspects to smart homes that you’d like to see me cover in the comments. You can also reach out to me on Twitter, Instagram, and my website. And if you liked this video, be sure to give it a thumbs up and share with your friends because it really helps the channel. There are some other ways you can support the channel too. Check out my SFSF Shop for some cool Tesla, Space X, science, and Undecided shirts. There’s also other links in the description for some great Tesla accessories and discounts. And as always, an extra big thank you to all of my Patreon supporters. Your support is really helping to make these videos possible. Be sure to check out my Patreon page for additional details about joining the crew. And if you haven’t already, consider subscribing and hitting the notification bell to get alerts when I post a new video. And as always, thanks so much for watching, I’ll see you in the next one.

32 comments

  • So to understand once again a great video. Would it be suggested to put my smart devices on my guest network?

  • Some great advice Matt! It’s very important to consider these things as we are building our smart homes. I’m hoping the Netgear Orbi will update their routers with the new router HomeKit support via firmware update like the others you mentioned in the video.

  • Matt – could you create a basic schematic chart illustrating how to set up two wireless routers and which equipment / devices you recommend connecting to which router? You've introduced a very smart concept I hadn't considered, and seeing it illustrated would help it sink in! (Maybe for others too). Thanks! – Greg

  • It's sad that hackers can do what they do, seemingly pretty easy. I do think that hacking into a system to steal whatever, should be dealt with way more severely than it is now. Especially since we seem to be living in the "connected" age.

  • Why do you talk like a 🤖 robot and it feels like you don't even blink

  • Ricardo Rodrigues

    I have searched but never found a hardwire solution that has everything, like sensors cameras (most important hard wired door locks), hub, bulb, etc. If companies really cared about security they wouldn't use for example a specified wireless frequency or a system where almost every device is battery powered because even though they last two years, the moment a user needs to replace them even if it is just one is a moment where you don't have that specific device's function. Being wireless is good but only if you are 99% sure that if someone breaks that connection which with the right equipment is fast you have a backup. Some people's homes have expensive appliances that are good for a lifetime like a computer sound system TV a kid a dog precious metals or metalwork, etc.
    I have only smart locks but only for rentals.
    And cameras for insurance claims.

  • Spend $20, get a switch. Create vlans…

    Most routers already have at least a basic firewall.

    3 vlans (these are separate networks)

    1 for devices that need the internet (laptops, TV, phones, etc)

    1 for things that you need to reach from the internet.

    1 for things that don't need the internet (lights, switches, sensors etc)

    Set router firewall.

    Bam. Fairly secure network

  • I run 3 wlans using gear from Ubiquiti, run fine with 70+ IoT stuff 👍

  • Matt, I've watched this entire series with much interest and I am about to build my retirement home. I am not fussed about what vendors I use but of course would like the best I can get for a reasonable price. If you were to build a home automation system from scratch, what products would you use? I would like to have a complete system: security, voice command, geofencing, lighting control, climate control, etc. Thanks, this has been a great series for the undecided.

  • Matt,

    Nice video. Thanks for the research you do. Sorta unrelated, but do you know what your roof mounted solar panels are rated for as it pertains to windspeed? This hurricane will come ashore in Florida @140 mph wind speed and 10 mph, speed across the ground, and a CAT 4. I was wondering if your installer made any estimates?

  • Hshsha “talk like a robot”, that was an unusual comment. I think you are one of the best speaker presenters and appreciate your speaking. I find it great compared to Elon who makes a sham of his speaking presentation. I admire Elon.

    Thank you for the info on security. I am a bit of an old newbie and need to get with the home security program. Look forward to more on this subject.

  • If you put IoT devices on a separate network to keep them from seeing your phone or computers, then you can’t control them with your phone or computers.

    Everyone says to do this but it just doesn’t work.

  • Remy Azhary Yosef

    I think the basic principle here is to use an independent hub that controls all those IoT devices. BUT that hub needs to be connected to the router.

    For example, for z-wave devices, I use the Vera gateway. And for Ikea smart devices, they're linked to the Tradfri gateway.

    These two gateways/hubs are then connected to my router.

    And on a top-level control, they're all controlled via Alexa.

  • Hi there Matt, trying to keep up with all the tech that's out these days and after seeing your video on IoT security. I am unable to see the Eero mesh units available in the UK. If any of your readers or yourself could point me to a site that could supply in the UK or similar Mesh unit. Thanks Matt.

  • Matt, I’m enjoying your work! Thanks! Question…are water sprinkler systems and original roomba “smart”? Neither are connected to the internet or phones. The wife and I are having a debate…

  • How does it work with some IoT devices that need a physical connection to the router, like the Philips Hue hub? This ends up on the primary network instead of a "guest" one, right? Any way around this w/o a separate physical device?

  • 😁😎⚓🏡💫🔑👍

  • Matt a few ideas that I may have mentioned beforehand. Back in the 80s the various EU major manufacturers spoke of old people friendly stuff. Having watched the last few mins I get the impression that this is no longer a "real" segment since the security stuff is too hard for old Joe Public.
    I appreciate your general optimism but wonder when it comes to the 80s for you I am prepared wager that either Tesla or Home Auto will be gone. Time will tell

  • hi Matt, my 25 years of Cisco routers & switches advice:

    1. avoid multiple WIFI Access Points. The radios will cancel each other out (congestion). Take an AP with multi SSID (VLAN) option.
    2. use a switch with VLAN tagging and PoE.

    3. build a home server to centralize all IoT devices and camera recordings.
    4. create a DMZ to access that server with a PPTP or L2TP VPN service on your smartphone over the internet. use remote desktop (RDP) if Win10 Pro as server.

    chances are 95% of hackers will look elsewhere (too much effort)

  • Hey man, I never comment on Youtube videos, but this series has been fantastic. Keep up the great work.

    Also, real quick, Rule 3 – you're should be your 🙂

  • Thanks Matt. 👍

  • Hi Matt, great series, thank you! Only been looking at this technology for a few days and that series helped loads. Much appreciated.

  • Hello. I’m disabled. I’m in need a camera system with the ability to have conversations. We would need to be able to record incidents but preferably not a paid service. A PTZ camera would be great but I have to take cost into account. My wife needs to keep her job and we are on a very limited income. Can you suggest a good option?

    I tried the following from Amazon and both units were junk.
    YI Smart Dome Security Camera X, AI-Powered 1080p WiFi IP Home Surveillance System with 24/7 Emergency Response, Human Detection, Sound Analytics, Image Retrieval, Time Lapse – Cloud Service Available

    https://www.amazon.com/YI-AI-Powered-Surveillance-Emergency-Detection/dp/B01CW4AZDS/ref=sr_1_1_sspa?crid=62M57AT6YXYX&keywords=yi+smart+dome+camera+x&qid=1567474266&s=gateway&sprefix=YI+SMART+%2Caps%2C202&sr=8-1-spons&psc=1&spLa=ZW5jcnlwdGVkUXVhbGlmaWVyPUEzQjFKTTRWUzRCNE5aJmVuY3J5cHRlZElkPUEwNTgwMDU1Mk9KRUdBWERFRERCRiZlbmNyeXB0ZWRBZElkPUEwMjM2MzQ4MzAyWE9NVjJESkpXNCZ3aWRnZXROYW1lPXNwX2F0ZiZhY3Rpb249Y2xpY2tSZWRpcmVjdCZkb05vdExvZ0NsaWNrPXRydWU=

    Before I became disabled I’d been a beta tester for a different tech industry and my extensive career in management enables me to communicate in a succinct and clear manner should anyone be in need of testimonials from a disabled family.

    I’m not looking for anything free. I just don’t want to waste my money! Again!!!!

    Thank you.
    God Bless 🙏
    Chris 〽️

  • Anything in 802.11 protocols (WIFI) is susceptible to a deauthentication attack. If possible steer away from WIFI and devices that only record to the cloud. Any person can do this simple yet effective attack.

  • Alexander Stachowski

    Matt – Do you suggest any anti-virus/malware software? I know Bitdefender BOX is good with the IoT, but it will not work with a mesh network.

  • Matt, a bit of a side question.

    What do we consider as an IoT? Do we consider our smart TV, nvidia shield, wifi enabled sound bar as IoT? If yes should they be firewalled off. If I do that, I can allow them to still be controlled from computers on home network, but certain features like chromecast etc may not work because wifi ssid would be different. How do we manage that part?

    Additionally, if I use homekit off an apple TV, will it still be able to control devices on a separate wifi network as long as I allow ports to be reachable and routable. I am BE comp sci and former CCNP, so please feel free to be as techy as you wish in your reply.

    Looking forward to your thoughts.

    EDIT: My current setup is Fortinet 90D, Cisco 1142 AP.
    SSID for Home, SSID for guest, SSID for IoTs, and their respective 2.4ghz ssids
    on 6 separate vlans, bundled into 3 security zones ( home, guest and iot), and 6 separate subnets with IPs issued from DHCP server running on each gateway. 4th security zone for wan.

    High level policy setup:
    Home zone can initiate communication to wan and iot.
    Iot zone can only initiate communication to wan.
    Guest security zone can only initiate communication to wan.
    Wan cannot initiate communication to anyone.

    Essentially a fully zone based zero trust architecture in home. :). Additionally after watching your video, I am wondering if I should disable intra ssid communication as well.
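
The zone policy listed in the comment above, modelled as a small stateful check. This is an added example, not part of the comment or the video; the subnets and device addresses are constructed, and connection tracking is simplified to address pairs. It shows why a phone on the home zone can still control an IoT device even though that device cannot open a connection back.

```python
import ipaddress

# Constructed subnets, one per zone; the comment gives no addresses.
ZONES = {
    "home": ipaddress.ip_network("192.168.10.0/24"),
    "guest": ipaddress.ip_network("192.168.20.0/24"),
    "iot": ipaddress.ip_network("192.168.30.0/24"),
}

# Which zone may *initiate* a connection to which, as listed in the comment.
MAY_INITIATE = {
    "home": {"wan", "iot"},
    "iot": {"wan"},
    "guest": {"wan"},
    "wan": set(),
}

def zone_of(addr):
    """Map an address to its zone; anything outside the local subnets is WAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"

class ZoneFirewall:
    """Simplified stateful firewall: flows are tracked by address pair only."""

    def __init__(self, intra_zone_isolation=False):
        # Models the "disable intra-SSID communication" option as a flag.
        self.intra_zone_isolation = intra_zone_isolation
        self.established = set()

    def packet(self, src, dst, new):
        """Return True if forwarded. new=True marks a connection attempt."""
        if not new:
            # Replies pass only if they belong to a flow that was allowed earlier.
            return (dst, src) in self.established or (src, dst) in self.established
        s, d = zone_of(src), zone_of(dst)
        allowed = (not self.intra_zone_isolation) if s == d else d in MAY_INITIATE[s]
        if allowed:
            self.established.add((src, dst))
        return allowed

def demo():
    phone, bulb, cloud = "192.168.10.5", "192.168.30.7", "203.0.113.10"
    fw = ZoneFirewall()
    return {
        "phone opens connection to bulb": fw.packet(phone, bulb, new=True),
        "bulb replies to phone": fw.packet(bulb, phone, new=False),
        "bulb opens connection to phone": ZoneFirewall().packet(bulb, phone, new=True),
        "bulb reaches its cloud service": fw.packet(bulb, cloud, new=True),
        "internet host opens connection to bulb": ZoneFirewall().packet(cloud, bulb, new=True),
    }

if __name__ == "__main__":
    for description, forwarded in demo().items():
        print(f"{description}: {'forwarded' if forwarded else 'dropped'}")
```

Discovery features that rely on multicast within one network, such as the casting and AirPlay cases raised in the comments, are outside what this model covers.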

  • Has Matt finished the Smart homes for beginners videos ?

  • Hey Matt- As always liked this video of yours too! Simple, informative and to the point!
    Can I request you to do a product comparison video on smart locks and some suggestions on how to use it or should we even use it at all! Cheers, Sam

  • Rule 2 is the most important point Matt makes. Reading up on basic firewall networking will help everyone greatly secure their networks. Here is a great diagram on how your home network should be set up. EXCEPT the 'provider router' should be a physical firewall. https://robert.penz.name/wp-content/uploads/2016/07/iot_network1.png

  • I run Untangle NG Firewall on an old intel dual core PC and put my Eero pros in bridge mode. Wifi speeds and range is great but I no longer trust Eero (owned by Amazon). Plus it’s pretty limited.

    I just ordered a Pepwave Surf SOHO router. I’ll be running vlans to segregate as much iot as I can.

    Only ones I may have to compromise on are airplay and AirPrint devices. Airplay and AirPrint discovery across vlans I’m not sure is possible or reliable if it is.

    But looking forward to the robustness and security of my Peplink router.

  • Hello,

    I'm Mylene from GlateHome (Taiwan). Glatehome is about to launch a competitive Home security product: Glate

    Glate has a lot of potential and distinctive features that I would love to share it with you.

    HomeIFF: Glate's innovative system (similar to IFF (Identification, Friend or Foe), can distinguish between strangers and non-strangers with 100% accuracy. As a result, only strangers will trigger the alarm and you only receive notifications that really matter.

    Early detection: Glate will identify strangers on approach and a loud siren goes off in advance. Not only does it detect strangers before they get to the door but also the camera doorbell starts to record the front image of the stranger in the meantime.

    Complete privacy: Glate security only starts recording when triggered by events & will be automatically bypassed for family members.

    True auto arm: Auto arm/ disarm by your location and status. Without having to use a keypad, Glate automatically arms/ disarms even when you fall asleep.

    EASY TO DIY: Peel the stickers off and sticks wherever you choose to put it.

    What do you think about it? Would you like to give it a try? You can find us here: https://www.glatehome.com/

  • Awesome video!

    Although, speaking of which, do you know Eufy is a Chinese company which is required by law to leave backdoors and share all their data with the Chinese government? Just in case you don't already know 🙂
