New Safety Standards Aim to Thwart Smart Home Hacks

By Yang Xiang, Professor, Computer Science, Swinburne University of Technology

On a quiet suburban street, a modern Australian home wakes before its owners do.

The lights turn on automatically, the thermostat adjusts to a comfortable temperature, and the coffee machine begins brewing. A doorbell camera watches the front yard, a baby monitor streams live footage to a parent's phone, and a smart speaker waits for its next command.

This is the promise of the smart home: convenience, efficiency and peace of mind.

But behind this smooth experience is a hidden risk: every connected device can also be a way for cyber attackers to get in.

The Australian government has responded by introducing minimum security standards for smart devices to better protect households in this increasingly connected world.

These standards recently took effect. So what's in them? And are they sufficient to keep people safe?

Starting with manufacturers

From my experience working in cybersecurity, I've seen that security risks start from manufacturers themselves.

Many smart devices are not designed with security as a priority. Manufacturers often focus on keeping costs low, releasing products quickly, and making them easy to use. Security is treated as an afterthought.

For example, many devices arrive with weak default passwords such as "admin" or "1234", which users rarely change. This creates an easy opportunity for attackers to gain access.

The Mirai botnet attack in 2016 clearly demonstrated the risks. In this case, hundreds of thousands of insecure devices such as doorbell cameras were hijacked to launch massive "distributed denial-of-service" (DDoS) attacks. This is a type of cyber attack where many computers or devices are used together to overwhelm a website, server, or network with traffic, so it becomes slow or completely unavailable to legitimate users.

More recent research has shown smart home devices can be exploited not only to disrupt systems but also to spy on households. In some cases, strangers have accessed baby monitors, and poorly secured cameras have exposed private footage online.

Another major issue is the lack of regular software updates.

Many low-cost or older devices don't receive ongoing security patches, which means known software vulnerabilities remain open indefinitely. Attackers actively scan the internet for such devices, exploiting weaknesses at a large scale. Cloud-connected and AI-enabled systems amplify risks.

The consequences of these weaknesses go beyond individual households. Compromised devices can be used as part of larger cyber attacks, forming botnets that target critical infrastructure or businesses.

In effect, an insecure smart lightbulb or camera can become a building block in global cyber crime operations.

What are the new standards?

In response to these growing threats, the Australian government has begun introducing mandatory minimum security standards for connected devices.

These standards took effect earlier this month. They aim to establish a baseline level of protection across all products entering the market.

While the details of these standards may evolve, the key ideas are clear.

First, devices must not use universal default passwords. Each device should either require users to create a unique password during setup or be shipped with a unique credential.

Second, manufacturers must provide a clear vulnerability disclosure policy, allowing security researchers to report issues responsibly.

Third, there must be transparency around how long a device will receive security updates, so consumers can make informed decisions.

These changes shift some responsibility from users to manufacturers. Instead of expecting consumers to fix security problems themselves, devices must be designed to be safer from the start.

In practice, this means fewer vulnerabilities and greater accountability across the industry.

Regulation alone isn't enough

However, regulation alone is not enough. Household behaviour still plays a critical role in maintaining security. Fortunately, some of the most effective steps are simple.

Changing default passwords to strong, unique ones is one of the most important steps. A strong password should be long, complex and not reused across multiple devices or accounts.

Enabling multi-factor authentication wherever possible adds a second layer of defence, making it significantly harder for attackers to gain access.

Regularly updating device firmware, also known as "software for hardware", is equally important. Firmware updates often include patches for newly discovered vulnerabilities, and delaying them leaves devices exposed.

Users should also consider their home network design. Placing smart devices on a separate network, such as a guest wifi, can help isolate them from more sensitive information on personal or work devices.

Finally, choosing reputable manufacturers matters. Companies with a strong track record of providing ongoing security updates and transparent policies are generally safer choices than unknown or low-cost alternatives.

Smart homes are becoming an integral part of everyday life, and their benefits continue to grow. But as intelligence and automation expand, convenience must not come at the expense of security and trust.

With stronger standards, better-designed devices and more informed users, it is possible to enjoy the benefits of smart homes without exposing ourselves to unnecessary cyber risks.

Yang Xiang receives funding from the Australian Research Council.

Courtesy of The Conversation.