Is Your Smart Thermostat a Cybersecurity Risk?

Sean D on Unsplash
Sean D on Unsplash

In a world that is fraught with ever-increasing cyber risks, it is not irrational to be cautious with every bit of technology you own. In fact, even a bit of paranoia is completely justified with the state of information security today. The bluntest way to put this into perspective is that cyber risks have already taken over natural disasters.

Global insurance companies have evaluated digital risks as greater than real-world risks for the first time in history. For these reasons, it is no surprise that IoT devices are a big risk. Incredibly, even a smart thermostat is a privacy risk (as well as a security risk) nowadays.

What is IoT?

IoT or the Internet of Things is an information technology term that describes the world of 'things' that are connected to the internet. Today, there are dozens of these devices on sale. Why 'things' though, and why is the term worded like that? Well, possibly because there are so many varying types of devices or 'things' on the market today that can connect to the internet.

IoT devices include everything from household items to smartwatches. If it is digital and connects to the internet, it is an IoT device. A Tesla, for example, is an electric car that interacts with the internet and receives updates. The car itself can be considered a multi-level IoT device. Your entire home can be considered an IoT ecosystem - known as the smart home. Internet-enabled refrigerators, TVs, Amazon Alexa, your Apple iWatch - you name it, it is probably an IoT device.

What is a Cybersecurity Risk?

When it comes to anything that is internet-enabled, the risk is already there from the start. This is akin to being a small animal out in the open savannah, at risk from all kinds of predators, unless well protected.

You interact with the internet via a router (whether that is a home or business router) that sends data packets back and forth to your devices. If you have a lot of IoT devices, that means each of them is constantly connected to the internet and sending and receiving information via your router. At the source, your router communicates with a landline that leads to a switching box on your street.

A cybersecurity risk means the danger of data compromise, which in the case of IoT, means misconfigured or unsecured IoT devices. These devices can be intercepted, compromised, sabotaged, and much more if the proper cybersecurity measures are not applied.

Because so much personal and private data runs through IoT devices and is stored on such devices, this is also a privacy risk as much as it is an outright security breach, or data leak risk. IoT devices are always vulnerable if not set up to modern standards.

What is a Smart Thermostat?

A thermostat, you say? Yes, the thermostat we all know measures or regulates temperature (in some cases it does both and even offers other parameters like humidity control, etc.) Several models are offered from companies such as Nest, Honeywell, and Ecobee. These can be used in the home, in buildings, in swimming pools, basically anywhere. And, there are billions of them all over the world. Even these very common devices that no one ever thinks about (but are everywhere around us) have experienced the digital transformation and are thus connected to the internet nowadays.

An internet-connected thermostat offers the ability to send and interact with databases that store temperature, as well as offer other options to the user which are a revolutionary step for the humble thermostat. They can help the user save energy by regulating the climate control system in the area it controls. They also can be remotely controlled which means that a user can preheat or pre-cool his/her house, for example.

Furthermore, smart thermostats have already been hacked into. Not that the thermostat stores any significant data, but it opens the door for cybercrime and what is called the knock-on/domino effects.

How is a Smart Thermostat a Cybersecurity Risk?

Again, a smart thermostat does not store sensitive or personal information as such. However, the problem is that smart thermostats know things about you. These devices store information about when you are home and when you are not, when you sleep, preferred temperatures, and more.

The next set of problems is that a smart thermostat, like any other IoT device, is a vulnerable entry point for cybercriminals or hackers. To put that into perspective, a smart thermostat device placed in a casino was hacked into, which then allowed hackers to move within the network, or 'laterally' and eventually worm their way into other databases that contained customer financial information. Hackers can intercept the connection, as devices like thermostats are usually not protected at a high level.

As far as privacy is concerned, since we live in the age of web advertising, the data stored about your habits transmitted by your thermostat can be used for ad targeting purposes. This, in a way, is the manipulation of your data without your consent, an intrusion into your life, so to speak.

It is estimated that by 2025, there will be around 80 million IoT devices globally. This market is going to be enormous, expected to be worth over $6 trillion. Today, on average, there are already dozens of IoT devices per home in developed countries. This is a playground for cybercriminals, essentially, where they can silently hack into the network without anybody noticing on time.

Configuring the settings on IoT devices is very important, as using a complex password for the router everything is connected to. Finally, using a VPN or Virtual Private Network (at the router level and on devices if possible) wherever possible will drastically reduce identity theft and data compromise because it encrypts (garbles) your data traffic.

Join the Discussion

Recommended Stories

Real Time Analytics