When it comes to smart device security, generally speaking, a smart device will be slightly less secure than the cloud account and WiFi network that it is connected to.
Why” slightly less secure? “
There are two main ways that a smart device could be compromised: Remotely from anywhere in the world using the connected cloud account, and by someone who has hacked into your WiFi network.
The connected cloud account is the most widely accessible attack vector as it can be accessed from anywhere in the world. A compromised cloud account will give an attacker access to your devices without having to actually “hack” the device itself.
Conversely, if you have a nefarious neighbor who is able to guess the password to your WiFi network, they will be able to access your device directly and attempt to log in locally or exploit security vulnerabilities on the device itself.
A cloud account with a strong, unique password and MFA enabled, combined with a strong WiFi password, are your first lines of defense and will considerably improve the security posture of your smart home devices. (Click here for a list of password managers that I recommend.)
However, each smart device may have additional “features” or security flaws which add additional security risks even with a secure cloud account and WiFi network – hence “slightly less secure.”
For example, some devices use a technology called UPnP, or “Universal Plug-n-Play” to expose themselves directly to the internet. UPnP is enabled by default on most home routers and makes setup easier for some devices. However, it introduces additional security risks as well. Disabling the UPnP feature on your router is a great way to further improve the security of your smart devices.