X
CNET logo Why You Can Trust CNET

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement

  • Home
  • Home Security

You've Heard About Smart Home Hacking: Here's How It Works and How Likely It Is

Smart home hacking exists, but it's probably not the threat you think it is. Here are the facts, the best practices to keep you safe, and more.

Headshot of Tyler Lacoma
Headshot of Tyler Lacoma
Tyler Lacoma Editor / Home Security and Smart Home
Tyler has worked on, lived with and tested all types of smart home and security technology for over a dozen years, explaining the latest features, privacy tricks, and top recommendations. With degrees in Business Management, Literature and Technical Writing, Tyler takes every opportunity to play with the latest AI technology, push smart devices to their limits and occasionally throw cameras off his roof, all to find the best devices to trust in your life. He always checks with the renters (and pets) in his life to see what smart products can work for everyone, in every living situation. Living in beautiful Bend, Oregon gives Tyler plenty of opportunities to test the latest tech in every kind of weather and temperature. But when not at work, he can be found hiking the trails, trying out a new food recipe for his loved ones, keeping up on his favorite reading, or gaming with good friends.
Expertise Smart home | Smart security | Home tech | Energy savings | A/V
Tyler Lacoma
7 min read
A tired woman stares at a black laptop on a kitchen counter at home.

There are many protections against home hacking, but your own practices are some of the most important. 

 Olga Pankova/Getty Images

You may have heard the recent news of over 100,000 Korean home cameras being hacked to spy on people, and I wouldn't blame you if news like that makes you worry about smart homes and how safe new devices are. While that kind of intrusive cybercrime sounds very frightening, I have some good news. 

First, home "hacking" is incredibly rare and often comes from someone you already know. From what we can tell, the Korean hack was primarily due to bad user practices like poor passwords, and was carried out by only a few people. Modern, reputable brands of smart locks, home security systems and other tech are always updating their security to protect you against attacks, including the latest AI promptware vulnerabilities. 

Let's break it all down to give you valuable info as well as some peace of mind. 

Best Outdoor Smart Home Security Cameras See at Cnet

How smart homes can – and can't – be hacked

The Abode security hub sites on a white desk with the sensor and fob, while someone types on a computer in the background.

Abode offers a compact home-security kit.

 Abode

First, "hackers" or, to be more accurate, cybercriminals are unlikely to be driving around scanning for vulnerable smart homes using nefarious gadgets. Wi-Fi ranges don't usually reach far enough for this to be effective and it would take a lot of effort for slim returns. There are some reports of major companies like casinos being hacked via smart devices, but very few are trying to Ocean's 11 residential homes.

Likewise, burglars interested in breaking into your house don't appear to be investing in the software or equipment needed to hack a smart lock first. There are very few reported cases of smart home security systems being hacked or electronically disarmed for petty theft. A low-tech approach is easier and more realistic. Most attempt to break unguarded windows or check for unlocked doors. Some may spy on homes first, but that's as high-tech as they get. So how do smart homes get hacked? Here are potential avenues of attack and how they work (or don't).

Read more: Best Home Security Systems of 2025

1. Widespread automated online attacks

These automatic online attacks from around the world scan-test nearly everything hooked up to the internet to see if accounts can be broken into, usually with brute-force password guesses that bombard devices with billions of various login attempts, hoping one makes it through. Then the attack infects the device, adding it to a botnet for future cyberattacks or generalized data theft. A human cybercriminal rarely tries to seize control of your device. These mass online attacks are the context behind the oft-cited Which? study that found smart homes face up to 12,000 hacking attempts per week (one succeeded, on an ieGeek camera).

This is a crucial reason to protect your account with updated passwords, but it doesn't mean anyone is intentionally targeting your smart home or that device security is inherently weak. Bots are only fishing for whatever basic login vulnerabilities they can find on any available online system or account.

2. Phishing messages

Password data phishing, hacker attack prevention vector concept

Protect your logins and passwords to keep criminals off your Wi-Fi network.

 iStockphoto/Getty Images

It's not as common as other types of phishing, but some phishing emails or texts may pretend to come from your smart home security company. Giving them personal information like account logins or clicking their fake links (to malware designed to take over) may give cybercriminals access to devices they wouldn't otherwise be able to reach. And even generalized phishing attempts may lead criminals to your Wi-Fi network, through which they may be able to find and control connected home security devices.

3. Company-based data breaches

In this case, cybercriminals use brute force and similar attacks to target servers and networks where IoT companies keep information about smart home users in databases, including account login details, personal info about location and addresses, and camera footage stored in the cloud. It's a frequent target because data thieves could seize so much data at once, which is why you see headlines about major data breaches on a painfully frequent basis.

It's unlikely that the stolen data will lead to smart home device hacking, but it can put your accounts at risk, and some cybercriminals may try to use that data however they can, which we'll get into more below.

Read more: A Record $12.5 Billion Was Lost to Internet Crime in 2023

4. Monitoring smart home data communications

As recently as the early 2020s, Internet of Things and smart home devices were found vulnerable to man-in-the-middle type attacks where criminals could spy on the data packets that smart devices were sending back to the internet. Smart devices send all kinds of data about their current settings and receive data back in return. With the right malware, a cybercriminal could potentially monitor this data and try to change or block it.

In practice, this simply doesn't happen. Criminals aren't in a position to do this to a smart home. Even if they were, today's smart home tech uses encryption practices and advanced protocols like Thread that make it useless. It's an example of how scary-sounding vulnerabilities don't actually make it into the real world.

Best DIY Home Security Systems of 2025 See at CNET

5. Bluetooth malware

This type of malware, like the BlueBorne attacks, enters through a poorly secured internet connection and uses Bluetooth capabilities to hack other devices, including phones and smart speakers. When these vulnerabilities became infamous in the late 2010s, companies quickly updated their security and Bluetooth encryption practices. We don't currently see many Bluetooth-based vulnerabilities (although some briefly crop up), and like man-in-the-middle attacks, they don't lead to smart home problems.

Who's trying to hack your smart home?

A women looks a lock alert on her phone while at a gray table with a laptop and latte.

Smart home hackers aren't always random people: They can be security employees and often someone you know personally.

 Oscar Wong/Moment via Getty Images

If burglars use the physical kind of brute force, and black hat hackers are usually busy elsewhere, who exactly is trying to hack smart homes these days? Let's narrow it down to common culprits.

  • A relation or acquaintance: Lots of troublesome smart home "hacking" comes from relations, exes, estranged roommates and others that already know the smart device logins or otherwise had access. They use that previous access to spy or cause trouble on purpose. That's a sign to update all login passwords and possibly file a police report.
  • An untrustworthy company employee: Many home security data breaches come right from the company itself, usually in the form of an employee who's snooping through camera feeds like this ADT technician. As with interference from past acquaintances, little real hacking is required, and the objective is usually more malicious or pervy than monetary.
  • Data thieves looking to sell: These thieves are trying to scoop up as much personal data as possible, anything from addresses to login info, so they can sell those lists in the shadier parts of the internet. This data can be passed along to others who may attempt to use it for malicious purposes or resell it. This is why it's important to update your passwords when you're notified of a security breach.
  • Potential blackmailers: The story goes that persistent cybercriminals attempt to seize control of smart home cameras and then threaten to do something unless you pay them. They may try to lock you out of your security system or claim they have compromising video footage of you. This is something of an urban myth: In most cases, people spam lies about a hack and hope someone will fall for it.
  • Foreign governments: Government-backed entities aren't interested in spying on you personally, but they may want to collect as much information about other nations and their citizens' behavior as possible. That can sometimes lead to hacking attempts or security backdoors: Fortunately, the FCC currently keeps a list of companies that are prohibited from selling security devices in the US because of this risk (other countries have similar lists), including Huawei, Dahua and ZTE. Check these lists before buying foreign home tech products.
A password page on the iPhone

iOS 17 has a new feature that allows you to create a group to safely share passwords and passkeys with across their devices.

 Nelson Aguilar/CNET

How do you protect against potential home security hacks?

    As you can see, while highly targeted attacks are unlikely, smart homes can be subject to broader hacking attempts. Fortunately, the vast majority of these attacks can be thwarted by basic security practices. Here are a few easy things you can do.
  1. Set strong passwords: Long, complicated passwords for your smart device app accounts and especially your Wi-Fi router are your best move against botnets and other online attackers. That doesn't have to be a headache these days, especially if you enlist a good password manager that generates strong passwords and saves them for you for quick access.
  2. Enable two-factor authentication whenever possible: More and more brands, such as Ring and Blink, automatically use TFA to secure accounts during setup, which is a great step in the right direction.
  3. Trust brands that use strong encryption: End-to-end encryption will go a long way toward protecting your data. Review security and privacy policies before making a final choice about a home security product. For example, Arlo, a popular manufacturer of DIY home security devices, shows healthy signs like penetration testing, third-party research, membership in the Connectivity Standards Alliance and details on its encryption practices.
  4. Store your data locally: If you're worried about wide-scale data theft, look for security devices that allow you to keep data off the cloud and company servers, including security cams from Lorex, Eufy and TP-Link Tapo cameras. On that note, consider keeping security cameras away from more private areas like your bedroom.
  5. Update your smart devices: Keep your apps and firmware consistently updated to patch any problems. Enable automatic updates if you can, so you don't have to think about it. If you have a smart device that's several years old or older, it may be time to consider replacing it with a new model that's compatible with the latest protocols, such as Matter and Thread.
Best Cheap Home Security Cameras of 2025 See at CNET

We'll keep you updated at CNET Home Security if we find serious problems with brand security and if any of our recommended companies have issues, like Wyze's past security mishaps that gave strangers a view into other people's homes.