DIY smart home
The ultimate security option comes from constructing your smart home from the bottom up.
The logical conclusion of our recommendations so far is that the safest smart home appliances will be those you’ve built and installed yourself. With inexpensive single board computers, such as the Raspberry Pi, this isn’t only a cheaper option but can be lots of fun as well.
The Pi Zero, in particular, is perfect for home automation as it can easily be set up but doesn’t come with Wi-Fi or Bluetooth by default, which allows you to decide which networking components to add. At just £4, the Zero won’t break the bank either.
A computer by itself won’t be of much use as smart devices usually need to affect the environment in some way. If you have used a soldering iron before, the Enviro pHAT ( https://thepihut.com/products/envirophat) is a perfect, tiny add-on for the Pi Zero. It contains a huge array of sensors from detecting temperatures, pressure, light levels, movement as well as inputs from analogue devices. The Pi Hut has also provided a free Python Library ( https://github.com/ pimoroni/enviro-phat) which contains many examples including how to build a system which activates a light when it gets dark.
Smart projects
One Redditor, RedditSeph even took the trouble to wire his Pi directly into the relay of the thermostat, which allowed it be controlled from a simple web interface. As the system was built from the ground up it doesn’t look as pretty as the Google Nest Thermostat, but it can be installed by anyone with a basic knowledge of electronics.
Before you reach for the soldering iron, you want to consider installing PiHome on the Pi controlling your thermostats, if you want to set up a home heating system ( http://pihome. eu/how-to-build.html). Unlike conventional systems you can add as many ‘zones’ as you want to control the temperature in each room.
For a more advanced setup, consider investing in the SenseHAT. This add-on board, like the EnviroPy, is capable of detecting air pressure, humidity and temperature, but it also has a gyroscope, built-in compass and an LED display. This makes it suitable for a much wider range of projects—for instance, it could be used as in intrusion detection system or display the temperature around you. Due to the board’s huge popularity, the most recent version of the Raspbian OS on the Raspberry Pi has an emulator for the SenseHAT, so you can test any projects before buying. See https://www.raspberrypi.org/products/ sense-hat for more information.
If you are less comfortable with electronics, you may prefer a simpler way to make your ‘dumb’ appliances smart. One solution is by using Energie Remote Controlled Sockets. These are proprietary, but the good people of Energie have created an excellent Pi-mote control for the Raspberry Pi, which will allow you to set up its devices to work with a Pi. They are also radio controlled so don’t need to connect directly to the internet.
You can use the supplied remote to control appliances such as a cooker or, better yet, connect to your Pi securely via SSH to activate them over the internet. For Android users, the handy SSH Button app in the Google Play
“Since the IoT hack of 2016, SSH will no longer work by default on the Pi.”
Store ( http://bit.ly/SSHButton) can also allow you to automate the process of connecting remotely and for instance activating your burglar alarm.
Since the IoT hack of 2016, SSH will no longer work by default on the Raspberry Pi. This is because most users do not change the default password raspberry making it easy to hack remotely. To activate SSH, connect the Pi’s SD card to a card reader and place a file named ssh in the /boot partition. Once you have logged in, make sure also to use the commmand sudo
passwd pi to update the password. If you choose to use Energie, consider also installing the handy program fail2ban on your Pi, to disconnect users who fail to authenticate after several attempts. ( See SecuringyourSSH,p36,formoreinformation onkeepingyourPisafe.)
Building your own IoT sounds all well and good, but the next time you are seeking inspiration try to adopt a security-focused mind set when browsing the likes of
www.instructables.com or the Raspberry Pi website or looking at IoT projects in magazines. Consider how you can adapt each project to your needs while staying safe. For instance, Instructables.com user, AngusC5 kindly posted a project in July to set up a Raspberry Pi smart doorbell which takes a picture of anyone who presses the button and emails it to you. As handy as this sounds, anyone who intercepts an email will know it’s likely you’re not in the house, particularly if the doorbell rings several times. Worse still the photos of your visitors can be harvested. Ways to make a project like this safe could include hosting an email server inside your home or better still storing the photos on the Pi itself so you can review them later. If you really want to access your visitor log remotely, you can do securely via SSH.
If you have already invested in proprietary devices, such as Sonos Speakers or Google Chromecast, it’s still not too late to buy a Pi so at the very least you can run your smart home hub from it. The discovery component in Home Assistant will automatically search for these devices and add them to your network during setup. You can then focus on securing access to the Pi itself to prevent your devices from falling into the wrong hands.
Be Trump ‘smart’
Remember, where possible use ‘dumb’ appliances with analogue timers if you need to control them when you’re not around. Failing this, try to make sure your smart devices can only be accessed via your local network and don’t rely on smartphone apps when you can use a secure, cross-platform web interface. For those situations where you have to access your smart devices remotely e.g. your security cameras, try to build the devices yourself so you can customise access. If you choose an open source solution such as Home Assistant, try connecting via the dark net or at least secure your connection via SSL.
Finally, don’t be afraid to contact your smart home device manufacturer with your feedback. There’s no justification for failing to release the source code for mobile apps, for instance. The company has already made its money when it sold you the device. Don’t be afraid to ask for features you want like being able to customise access for individual users or secure access via two-factor authentication. If you read news of appliances being hacked, make sure to contact your provider to find out what has been done. Hopefully with enough awareness, smart devices can be both convenient and secure.