In the charming movie Amelie, the heroine extracts sneaky revenge on a cruel grocer by sneaking into his house, swapping his slippers for an identical but smaller pair, redoing some lamp wiring, changing his autodial numbers, and so on. In context, her secret mission is funny — the guy deserves it and they’re gentle pranks. It’s hard not to be reminded of Amelie when hearing about ways in which smart-home devices are now being used as tools of domestic abuse, but there’s absolutely nothing funny about these stories: They’re creepy and undeniably malevolent. And until security is better nailed down, they’re the future banging on our doors.
According to McKinsey, some 29 million residences contained connected, smart-home devices in 2017. That number’s been growing at a rate of 31% each year. As AI and other technologies make it easier and easier to automate repetitive aspects of our days — and as devices get better at communicating with each other — this trend is only likely to accelerate. From smart thermostats that manage our heating needs, to refrigerators that keep track of our food inventories, to surveillance systems, to displays showing us today’s weather or our latest emails or news as we shower, our homes are becoming more and more wired. A growing number of utilities allow you to optimize your energy use by connecting your home electronically to the grid.
Unfortunately, much of this technology is vulnerable to a new kind of home invasion, its weak link being the lack of consistent, stringent security safeguards. Many of these devices are connected either directly or indirectly to the internet. There’s tremendous potential for abuse. And abusers have taken note. The Safety Net Project at the National Network to End Domestic Violence (NNEDV) has begun hearing about a chilling new form of domestic abuse, according to Erica Olsen, who told the New York Times, “People have started to raise their hands in trainings and ask what to do about this.” Olsen adds, “we don’t want to introduce the idea to the world, but now that it’s become so prevalent, the cat’s out of the bag.”
Digital harassment is growing
The Times article contains disturbing reports of some of the things that have been happening.
One woman had turned on her air-conditioner, but said it then switched off without her touching it. Another said the code numbers of the digital lock at her front door changed every day and she could not figure out why. Still another told an abuse help line that she kept hearing the doorbell ring, but no one was there. (New York Times)
Obviously, a victim might at first feel she’s going crazy before realizing what’s going on. And given that this form of abuse occurs in the home — a person’s safest place — it’s especially terrifying. If there are cameras around the home, they can be used to spy on a victim as well.
So far, reports of abuse are coming mostly from people well-off enough, or tech-oriented enough, to have begun connecting their homes and installing smart devices.
Abuse is being executed from a distance using apps installed on the abusers’ phones, and the skills required to trace an attack back to its source is well beyond the capabilities of the victims and local law enforcement. Even if the abuser is known, taking legal steps is difficult, as local courts are just beginning to address electronic intrusion as a way to get around a restraining order.
How it begins
A frequent scenario seems to be that the male in a couple outfits the couple’s home with connected devices. When the couple breaks up and the man leaves, he takes with him knowledge of the system and its passwords, giving him the ability to retain control of the environment in which his ex-partner is now attempting to move on from the relationship. (Accounts of electronic domestic abuse have so far primarily described abusive men.)
In response to the maddening loss of control — and at a loss for how to stop it — the victim may just shut down her entire connection to the outside world, becoming isolated, a psychological trap often set by abusers. And a complete shutting down of a system may aggravate the underlying situation.
What can be done to keep a smart home secure?
If smart devices are connected to a home WiFi network, owners should learn about tightening access. Encrypting passwords using the WPA2 protocol, or the just-announced WPA3 standard, and changing passwords often is always a good idea. Installing or activating a firewall — many home routers have one built-in — is also a good idea. Be sure to use internal DHCP routing in your network — DHCP publishes the internet address of your router to the world, but not those of your home’s devices. Homeowners should also develop the habit of keeping their routers updated with the latest firmware, the software stored in the router itself.
Unfortunately, if devices connect directly to the internet, there’s less you can do, but the ability to connect only through your home network is an important feature to look for when buying a home device.
Making it stop
The NNEDV has an online toolkit with information that can help a victim find a way out of this nightmare scenario.
Beyond that, manufacturers and utilities have to take security more seriously in the smart devices and connected-home products — no smart device should connect directly to the internet without going through a router, for instance.
The conveniences of a smart home and the many ways they can enhance our lives remain obvious and enticing. We just have to recognize and protect against a new generation of threats to our safety and sanity that smart devices and connected homes introduce.