From smart watches to smart homes, the Internet of Things can make life convenient. But these same gadgets may also provide a big target for cyberattackers. Let’s see what users can do to keep their devices secure.
Why security of IoT devices matters
Last year, the FBI published an article warning that Internet-connected devices can be equal parts dangerous and convenient.
IoT devices offer a number of opportunities to criminals. Hackers can use them to do the following:
- Send spam emails.
- Use the device as a staging ground for further attacks.
- Conceal evidence of cybercrimes.
- Sell illegal goods.
- Launch DDoS attacks (for instance, the Mirai botnet included one million devices).
- Steal personal data.
- Spy on users.
There are plenty of reports online of spying on families via hacks of Internet-connected nanny cams. In some cases, attackers even tried talking to kids via the nanny cam’s built-in microphone.
With smart home systems, the implications can be even more terrifying. Hacking the access control system for a home would place victims at risk of physical harm.
Very often manufacturers of IoT devices give short shrift to security. So it’s up to users to fend for themselves. With that in mind, here are key tips to be aware of.
Do not use default passwords
Too many people never change the administration password for their Internet-connected gizmos. This is a big problem. Attackers can easily guess this password or even look it up in the manufacturer’s documentation.
Therefore, we urge changing all default passwords to ones that are much more complex. In some cases the passwords are hard-coded by the manufacturer and cannot be changed. Don’t use these devices!
Turn off unused functions and devices
The more functions are active, the greater the likelihood of one being abused by a hacker. The smart thing is to switch off any functionality you are not using on a particular IoT gadget. For example, if you have a smart TV but use it mostly to play games on your PlayStation, perhaps the TV does not need a network connection at all.
Make it a habit to physically turn off devices when you are not using them. This will increase the security of your home network.
Isolate IoT devices on a separate network
You might not care if your smart TV gets hacked. But If it is connected to the same network as the PC you use for work, the consequences could be much more serious. This means that you should keep IoT devices on a separate network from the devices storing truly important data.
Use secure connections
Some devices connect by default to all available Wi-Fi networks, including insecure public networks. Such connections are risky, so turn off this feature when possible.
Setting up an additional layer of protection by using a VPN is also a good idea. VPNs provide an encrypted secure connection. It’s easier for hackers to find another victim than waste their resources trying to break through it. Today’s VPN services support many IoT gadgets, including smart TVs.
Use protection tools
Many IoT devices—such as cameras, smart locks, and sensors—do not support installing antivirus software on them directly. But this does not mean that you should give up on adding security.
Today there are special routers designed to help secure IoT devices. Usually these routers have a firewall which monitors the home network for suspicious activity. They are usually controlled from a mobile app, which shows the current state of the network and any threats.
Most of IoT device manufacturers periodically release updates to patch vulnerabilities. But statistics demonstrate that the average home router is running firmware that is three to four years old. This is virtually the same as the average age of the router itself. In other words, users almost never update the firmware of their devices.
This makes it easier for attackers to perform misdeeds. They can simply exploit one of the vulnerabilities discovered in the years after the original firmware was released. Then they can do whatever they want, such as incorporate the device into a botnet for cyberattacks. So keep an eye out for updates for your devices and, equally important, install them. If a device is no longer getting security updates from the manufacturer, choose the safer option and find a newer device that is properly supported.