You may think your Ring doorbell is giving you an eye on your front porch, but who’s watching you? (Photo: Martin Lou/Ring).


So your holiday gift was a new smart-home device. It could be Amazon’s Echo, often called “Alexa,” or Google Home using “Siri,” which provide music, news updates and other information features; iRobot Roomba to clean your floors; the Ring doorbell, or a smart TV for voice-command video.

Maybe you’re thrilled with your gift, or maybe you’re a bit wary, given recent reports of cyberhacking of some devices. Internet-oriented devices can make life simpler, through voice-activated commands and remote operation, but they also can allow access to cyberhackers looking to steal your personal information.

“Everything is hackable. If you can access it, others can access it,” said Yair Levy, director of the Center for E-learning Security Research at Nova Southeastern University in Davie. “Any new device you add, you add another (security) hole.”

Still, billions of smart-home devices have been sold.

“Some people are saying, ‘I don’t care,’” said Levy, who teaches his students about the hacking dangers of smart-home devices.

But if you’re still sold on the convenience of using an Alexa or a Roomba, here are some expert recommendations for setting up and operating the device.

Read the manual
Don’t skip over the instruction manual for your smart-home device, which has important information that could affect you down the road.

“You’re so excited to play with the new device that you go ‘yes,’ ‘yes,’ ‘yes’ while setting up the device,” observed Tim Rader, director of product development for security company ADT. The Boca Raton-based company developed the Alexa Guard app to integrate its security product with smart-home devices.

“Don’t be in too much of a rush,” he said, saying that there may be options that could have an impact on privacy and security.

Change the device’s password
Many smart-home devices come with a manufacturer’s password to set them up. Don’t use the device with this password because it’s easily found online. Create a unique password for the device, and not one you’ve used for another account.

Reza Azarderakhsh, associate professor of computer science at Florida Atlantic University in Boca Raton, said that while changing the password for your device is always a good idea, it shouldn’t give you a false sense of security. “It doesn’t make you secure against a serious cyberattack,”
he said.

So step it up by changing your password every 90 days, another expert says.

Rader recommends consumers find a “scheme” that will help them remember a password, such as the words from a song you like. Then mix the words with lower and upper case letters, numbers that are not repetitive, and special characters, such as an ampersand, asterisk or dollar sign.

Use two-factor authentication
Better yet, more smart-home devices are adding two-factor authentication, which means you’re providing another piece of information beyond a password. Often it’s a randomly generated code.

After some reports of login information being exposed on the Ring doorbell device Ring, more than 3,000 users were urged by Ring to change their passwords and use two-factor authentication. That followed reports of both police and hackers gaining access to Ring video footage. Some lawsuits have been filed against Ring and Amazon, now Ring’s owner.

Rader said ADT’s doorbell video product also uses two-factor authentication. But consumers must choose that option when setting up the product. “Pay attention and go the extra step,” he said.

Consumers should know that ADT has no access to a customer’s doorbell video, Rader said. Police could only have access with a subpoena, he added.

Azarderakhsh said while two-factor authentication is better that just a password, consumers have to keep using the two factors to be effective. He said a preferable way to thwart hacking is to disconnect your smart-home devices from your internet network when not in use.

Rader said concerned consumers might consider unplugging their device at night, or when on vacation.

Manage listening
Much has been written about the Alexa device’s recording capabilities. Is Alexa listening to you? Yes, because that’s how the device works.

But Alexa’s recordings and information requests can be deleted, Rader said.

Here are Amazon’s instructions: go to “Manage Your Alexa Data”on the app. Then to “automatically delete recordings,” where you can select “off.” Then choose a time period to keep your voice recordings and select “confirm.”

Check other devices
Rader operates his Roomba through ADT’s app, which he says provides a “higher-level” of security, but he said the robotic vacuum doesn’t have to be connected to the internet to operate.

To turn off the Wi-Fi on Roomba, do a “reset” by depressing all three buttons on the vacuum cleaner – clean, spot clean and home – at once and holding them down until you hear a tone, according to owner iRobot.

The smart TV you may have bought over the holidays also can connect to the internet, which allows streaming services such as Netflix.

But smart TVs may have microphones that allow users to change the channel by voice and turn up the volume, and some have built-in cameras used for facial recognition to suggest programming, according to a recent FBI public service announcement.

“As we bring more and more technology into our homes, we need to be aware of its capabilities, its limitations, and some basic questions people should ask relative to its presence in their lives,” said Beth Ann Steele, a public information officer for
the FBI.

By Marcia Heroux Pounds, Sun Sentinel (TNS)