Not over the top, but the possibilities probably aren’t as great as you fear, either.
Let’s consider some possible scenarios:
Local Thieves. you are an ordinary person who lives in an ordinary house in an ordinary neighborhood. Someone wants to break into your house and physically enter it. The odds are it would be way easier for them to kick in a door or break a window Then try to hack your system. Granted, there are some impressive magic trick type hacks that get written up in journals from time to time but very few of them would be practical for your typical sneak thief.
Now if you are a very wealthy or famous person or you have a malicious ex or family member who is specifically after you, that’s a different kind of situation. But in that case you’re not going to be looking at smartthings in the first place.
Clockwork Orange type gangs. some malicious scriptkiddies randomly attack your system just to create chaos. Their goal is to see your individual suffering even if it doesn’t financially benefit them.
The most common type of these attacks are based on you having used the same user ID and password on multiple sites and some dark website having this pair available for sharing or sale. This is what has led to almost all of the recent Ring attacks in the news, for example. The Ring system itself wasn’t hacked, The attacker got the password based on the people having used it on a different site And they just randomly went around trying a big list of these until they got one that worked.
Most camera systems and security systems, including ring, offer optional “two factor authorization” (2FA) Which eliminate this attack vector, but again the people in the news didn’t have that turned on.
My personal advice would be to never buy a camera system that doesn’t offer two factor authentication and always use a password generator so you have a different password on every site. That will avoid most of these kinds of attacks from People who just think it’s funny to scare random other people.
SmartThings does not offer two factor authentication, btw.
Thieves looking for something virtual of value may use an unsecured home automation vector to get into your WiFi network, Looking for banking or credit card information or potential identity theft information. They don’t need to ever be physically at your house.
This is a real if Uncommon threat. It requires much more skill than reusing a password. For this one you have to weigh the likelihood of it happening versus the potential loss.
To be honest, most people just shrug their shoulders about this one and go on with life, assuming they won’t be the one who gets mugged this way.
I would probably feel that way as well if I were the only one using my home network, but I have two housemates who are pretty typical guys under 35 and go to some fairly sketchy sites that I don’t want anywhere near my own financial information. So I run separate networks. But not many people do if you’re just worried about random stranger attacks.
Again, if you are wealthy, famous, or have a malicious person who might be specifically after you you would want to take more precautions.
Mass destruction attacks. Anarchists or threats from foreign nations who don’t care about your individual response to their activities (unlike the sadists in 2 above) Figure out a way to just crash a whole bunch of systems at the same time. The equivalent of turning all the traffic lights green or poisoning the water supply.
We don’t like to think about it as a possibility, but it is a possibility. So then you have to look at protecting yourself from the potential damage. Which really is the exact same damage you would have just if an individual company’s system glitched really bad. (A far more likely occurrence.)
So how do you protect against that? You have a plan for backing up and securing any information you don’t want to have to rebuild from scratch if everything does go bad.
You deploy your devices in a way that they won’t cause physical injuries if they go on or off unexpectedly.
I personally don’t put anything on Networked home automation That wouldn’t be safe to have run for 24 hours unattended.
And I don’t put anything on it that might kill somebody if it started unexpectedly, including power tools and garbage disposals and cars.
I don’t put an isolated heating or cooling system on a room where the person who sleeps there is not capable of getting up and readjusting it themselves. (Whether it’s an infant or a person with a disability.)
I only use UL or ETK rated devices if they are going to be wired into the mains.
But if the anarchists (or PGE ) take out all power or any subset of my home automation system for a few days, we should be able to manage. And if any part of it turns on again unexpectedly, it won’t be a disaster.
There’s no real way as an individual to prevent this option from happening, but you can use planning to reduce any potential damage if it did happen.
Government uses your home automation system to spy on you or to gather data that you wish they wouldn’t. I’ll be honest, I have concerns about this in general in terms of the laws that get passed, but I just don’t worry about it as an individual risk.
I do make some choices about which companies I will do business with, even for their free services, but it’s not about anyone specific threat, it’s about their general corporate philosophy.
If this particular issue worries you as an individual, again, you aren’t likely to be using SmartThings. You’ll be looking for something that runs totally locally and stay off the Internet.
Now how much any of those five options will bother you specifically is just a personal issue. You might care about all of these. You might care about none of them.
The following thread talks about some of the specifics you can do in your planning in regard to a SmartThings system.
How to: Planning for Outages
But mostly keep your device software up-to-date, don’t reuse passwords, understand the risk from other people in your own house like my roommates, and plan your device deployment so no one will be physically harmed if it does or doesn’t work when expected. And you’ll probably be fine.