How to Protect Your Smart Home Devices from Hackers in 2026

Our office in South Melbourne has a smart TV, a video doorbell, and a security camera pointed at the car park. At home, there’s even more of it: streaming devices, smart speakers, cameras, a robot vacuum that knows the floor plan better than I do. With two boys at childcare, the cameras in particular feel like a necessary investment. The idea of one of those being hacked and someone watching my kids while they sleep is not something I want to think about for long.

But it happens. There was a widely reported case of an Australian mother who discovered her baby monitor had been accessed by an unknown party. These aren’t urban myths. They’re the documented consequence of connecting devices to a network without taking security seriously.

According to a Bitdefender and Netgear report covering 6.1 million smart homes across Australia, North America, and Europe, Australian households are now facing roughly 29 cyberattack attempts every single day. That’s not per month. That’s every day. Most of them are automated, which means bots are constantly scanning home networks looking for weak points, and they will find them if you let them.

The good news is that most of these attacks fail. The bad news is that they fail because of basic security measures that plenty of people still aren’t taking.

The Australian Government Has Actually Done Something Useful Here

In March 2026, the Australian Government introduced the Cyber Security (Security Standards for Smart Devices) Rules 2025, which came into effect as part of the broader 2023-2030 Australian Cyber Security Strategy. Under the new rules, smart devices manufactured from 4 March 2026 onwards must meet minimum cybersecurity standards. The big one: no more universal default passwords. Every device must either have a unique password per unit or require the user to set one during setup.

This is genuinely good policy. The most common attack method used against smart home devices is simply trying to log in with the factory default credentials. Things like “admin/admin” or “admin/password.” It sounds embarrassingly simple, and it is, which is why it has worked so reliably for so long.

The catch is that the rules only apply to devices manufactured from that date. If your smart camera or router was made before March 2026, it’s not covered, and there are a lot of those still sitting in people’s homes and on shop shelves.

Change the Default Password on Every Single Device

This cannot be overstated. Every device you connect to your home network needs a unique password that isn’t the one it shipped with. Your router especially. The router is the front door. If someone can log into your router, they can see everything on your network.

Use a password manager if you’re worried about keeping track of them all. Bitwarden is free, reputable, and works across all your devices. There’s no excuse for “admin” in 2026.

Keep Your Firmware Updated

Research from Bitdefender found that 99.4% of IoT exploits target known vulnerabilities that manufacturers have already issued patches for. That means the vast majority of successful hacks aren’t the result of sophisticated zero-day attacks. They’re the result of people not updating their devices.

Firmware updates are the security patches for your smart home equipment. When a vulnerability is discovered in a popular smart doorbell or camera, the manufacturer releases a fix. If you don’t install it, you’re leaving a known door open.

Some devices update automatically in the background. Others require you to open the app and check manually. Set a reminder to go through your devices every few months and make sure they’re all running the latest firmware. It’s boring and takes twenty minutes. Do it anyway.

Put Your Smart Home Devices on a Separate Network

This is the tip most people skip because it requires some router setup, but it makes a significant difference. Most modern routers let you create a guest network, which is a separate Wi-Fi network that runs alongside your main one.

The idea is to connect all your smart home devices (the TV, the cameras, the smart plugs, the robot vacuum) to the guest network, while your computers, phones, and tablets stay on the main network. If something on the guest network gets compromised, the attacker’s access is limited. They can’t reach your laptop or your phone, where your banking, emails, and actual sensitive data live.

The devices don’t need to talk to your computer. They just need internet access. A guest network gives them that without handing over the keys to everything else.

If you’re with Telstra, Optus, or any of the major Australian ISPs, your supplied router almost certainly supports this. Check the documentation or just Google your router model and “guest network setup.”

Buy Smart Home Devices from Reputable Brands

This is an easy one to overlook when you’re browsing through cheap no-name security cameras on eBay or AliExpress. A camera for $15 sounds like a great deal until you realise it’s running firmware from 2019 with no update mechanism and default credentials baked in.

The Bitdefender research specifically flagged IP cameras as among the most frequently targeted devices, accounting for 8.6% of all detected IoT vulnerabilities, partly because so many cheap cameras flood the market with no ongoing security support from their manufacturers.

Reputable brands like Google, Amazon, Eufy, Reolink, and Arlo have dedicated security teams, issue regular firmware updates, and have clear policies about data handling. They’re not perfect, but they’re infinitely better than a mystery brand with no support contact and a username printed in the manual.

Use Two-Factor Authentication on Your Smart Home Apps

The apps that control your smart home devices (Google Home, Amazon Alexa, Apple Home, or whatever individual manufacturer apps you use) are worth protecting properly. If someone gets into your Google account, they potentially have access to everything connected to it.

Enable two-factor authentication (2FA) on these accounts if you haven’t already. Most apps support it, and it takes five minutes to set up. An authenticator app like Google Authenticator or Microsoft Authenticator is more secure than SMS codes, though SMS is still significantly better than nothing.

Check What Your Devices Are Actually Connecting To

This one is for the slightly more technically inclined, but it’s not as complicated as it sounds. Apps like Fing let you scan your home network and see every device connected to it, what it’s called, and sometimes what kind of traffic it’s generating.

You might discover devices on your network that you’ve forgotten about: an old smart plug you replaced, a camera from a previous tenant, or something you simply don’t recognise. Anything you can’t identify should be investigated. If you can’t figure out what it is, disconnect it.

Fing also alerts you when new devices join your network, which is a useful early warning system if something has been added without your knowledge.
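If you would rather script the same check than use an app, the sketch below compares the devices your computer can currently see with a list of devices you recognise. It is an added example, not part of the original article and not how Fing works: it assumes a Linux machine where `ip neigh` is available, and the sample output, MAC addresses and allowlist are constructed for illustration.

```python
import re

# Constructed sample of Linux `ip neigh` output; not captured from a real network.
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev wlan0 lladdr a4:91:b1:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 3c:5a:b4:00:00:17 STALE
192.168.1.40 dev wlan0 lladdr 7c:dd:90:00:00:2a REACHABLE
192.168.1.77 dev wlan0  FAILED
192.168.1.52 dev wlan0 lladdr 02:1f:3e:00:00:9c DELAY
"""

# Hypothetical allowlist you maintain: MAC address -> a label you recognise.
KNOWN_DEVICES = {
    "a4:91:b1:00:00:01": "router",
    "3c:5a:b4:00:00:17": "living-room TV",
    "b8:27:eb:00:00:05": "old smart plug",
}

ENTRY = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17}) (\S+)")

def parse_neighbours(text):
    """Return {mac: ip} for neighbour entries with a resolved MAC address."""
    seen = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(3) not in ("FAILED", "INCOMPLETE"):
            seen[m.group(2).lower()] = m.group(1)
    return seen

def is_randomised(mac):
    """True if the locally administered bit is set (e.g. a phone's private Wi-Fi address)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(neigh_text, known):
    """Compare what is on the network now with the devices you expect."""
    seen = parse_neighbours(neigh_text)
    unknown = {mac: ip for mac, ip in seen.items() if mac not in known}
    return {
        "unknown": unknown,  # investigate, or disconnect if unidentifiable
        "randomised": sorted(m for m in unknown if is_randomised(m)),
        "missing": {m: label for m, label in known.items() if m not in seen},
    }

if __name__ == "__main__":
    for category, entries in audit(SAMPLE_IP_NEIGH, KNOWN_DEVICES).items():
        print(category, entries)
```

The neighbour table only lists hosts your computer has recently exchanged traffic with, so it can miss quiet devices that an active scanner or your router's client list would show. Devices in the "missing" group are ones you expected but that are switched off or gone, which is a prompt to tidy the allowlist.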

Disable Features You Don’t Use

Most smart home devices ship with a bunch of features enabled by default that you may never actually use. Remote access, voice activation, UPnP (Universal Plug and Play), and cloud storage all represent potential attack surfaces.

If you’re not using a feature, turn it off. UPnP in particular is worth addressing. It’s a protocol that lets devices on your network automatically open ports in your router for incoming connections. That’s convenient for some devices, but dangerous because it can be exploited by malware to punch holes in your network. Most routers let you disable UPnP entirely in the settings. Unless you have a specific reason to leave it on, turn it off.

Your Router Is the Most Important Device in the House

Everything connects through it. A compromised router means everything behind it is potentially compromised. Yet most people treat routers as set-and-forget appliances, running on the same firmware they shipped with five years ago, using the default admin credentials.

Change the admin password. Update the firmware. Use WPA3 encryption if your router supports it (most modern ones do). If your router is more than five or six years old, consider replacing it. Security support for older hardware eventually stops, and a router without security patches is a liability.

Streaming devices were the most targeted category in the Bitdefender research, accounting for 25.9% of attacks, followed by smart TVs at 21.3%. These devices all connect through your router. Protect the router first, and you’ve done the most important thing.

The Reality of Smart Home Security in 2026

The threat isn’t going away. IoT malware attacks jumped 124% year-on-year in 2025, and 2026 looks set to continue that trajectory. More devices in more homes means a bigger target surface, and the attacks are increasingly automated, meaning they run constantly without anyone sitting at a keyboard directing them.

None of this means you need to rip out your smart home setup. It means you need to treat it the same way you treat the locks on your front door: with a bit of basic maintenance and the understanding that leaving things unlocked is asking for trouble.

Change the passwords. Update the firmware. Separate the network. It takes an afternoon and it’s worth doing.