Can smart home devices get viruses? There’s been a lot of talk about the idea of IoT (Internet of Things) devices being infected by viruses, not least because Samsung this month recommended scanning its QLED televisions for viruses every few weeks.
Security experts from Avast and Symantec have set out to separate fact from fiction. They say that while a virus isn’t impossible, it is extremely unlikely – but there are four other ways the security of your smart home can be compromised, and we outline some simple steps you can take to reduce the risks …
Gizmodo sought clarity from Vladislav Iliushin, IoT threat researcher at Avast, and Candid Wueest, principal threat researcher at Symantec, both specializing in smart home security.
Can smart home devices get viruses?
The short answer here is ‘Yes, but.’ Some smart home devices can, in principle, be vulnerable to viruses and other forms of malicious payload.
Even Android malware designed to infect smartphones can compromise smart TVs if they run the Android operating system
And it’s not just Android devices that are at risk.
“The vast majority of IoT devices are simply underpowered computers running Linux, so yes, smart devices can absolutely run malicious payloads built for IoT,” Iliushin told Gizmodo
However, the experts stress that the risks are low because there are only four ways to get malware onto your device. Each of these is relatively easy to guard against.
The four risks, and how to guard against them
- A poorly-secured device
The main protection here is to buy devices from reputable brands. These will have a professional approach to security, and keen to protect their reputation by acting quickly to deal with any vulnerabilities discovered. We saw a good example of this recently with Nest cameras, where Google was extremely fast to block a security hole.
HomeKit certification is an excellent form of protection. Apple requires that all HomeKit-certified devices use end-to-end encryption, and are ‘mutually authenticated.’ For example, when a Philips Hue hub switches on a Hue bulb, the hub checks the security credentials of the bulb before issuing the instruction, and the bulb checks the security credentials of the hub before obeying it.
- Access to your home Wi-Fi network
Once someone has access to your home Wi-Fi network, many smart home apps allow immediate control of your devices. This is obviously particularly worrying with locks and cameras.
This too is easy to secure by having a strong password on your router, and ensuring that you have changed the default login details. For example, many routers default to admin/admin or admin/password as their administrator login.
Make sure, too, that your router is configured to automatically download and apply security updates. Most are by default, but not all.
If you want even greater security here, most routers allow you to hide the SSID. Look for an option to disable SSID broadcast. This means that your Wi-Fi name won’t even appear when people are scanning for available networks, but does mean that all your own devices will need to connect manually. On a Mac, you do this by clicking the Wi-Fi network icon in the menu bar and selecting Join Other Network. On iOS devices, you go to Settings > Wi-Fi > Other.
- Physical access to your IoT devices
Not a practical risk for most consumers – this is more something companies need to think about.
- Tricking you into installing malware
A malicious app running on a computer or smartphone is the biggest risk of all. Macs and iOS devices are significantly safer than Windows PCs and Android smartphones, but they are still not completely immune.
Best practice is to download apps only from sources you completely trust, such as Apple’s own App Store and reputable developers.