Ask an average person how many computers are in their home, and they will guess low. Not only are obvious things like internet routers and smartphones “computers,” but so are DVRs, devices for streaming internet to a television (or, in some cases, the television itself), smart fridges, digital cameras, even your car. The list goes on, and as smart home devices become accessible to most people, the number of internet-connected devices now exceeds the number of people on the planet.
The problem with this is that anything connected to the internet can be hacked. This can have serious consequences. For example, in October 2016, a huge DDoS attack was launched against a service provider. You may have noticed that Netflix and Twitter went down. This attack was carried out using a botnet of IoT devices, mostly cameras and DVR players.
Webcams, both built into computers and standalone (they are now often used as baby monitors), can be used to spy on their owners. And, in an experiment, researchers were able to take control of an SUV. There have also been industrial hacks against infrastructure.
The two largest concerns for users are their devices being used as bots and their personal data being compromised. Too many of these devices have hard-coded user credentials that can’t be changed, and they send data in unencrypted form.
In some cases, this unencrypted data has even included user credentials. Hackers can simply read lists of default usernames and passwords and gain access to thousands of devices. In some cases, as with the SUV hack, a security breach can result in physical danger for you and your family. Some medical devices are also vulnerable, including certain heart monitors.
So, what can you do?
How to Secure Your IoT Devices
We all want the convenience of smart home devices, but it’s important to practice good cybersecurity.
- Change default passwords and PINs
If your device has a password or PIN, change it from the default as soon as you start using it. The Mirai botnet that took down chunks of the internet relied on devices that still had default passwords set. Follow the same rules as for any other password: use a strong password, use different passwords everywhere and change passwords frequently. Avoid, if possible, devices with hard-coded passwords that cannot be changed.
- Make sure devices are updated regularly
With some devices, this may not be under your control, so be ready to put pressure on companies to keep things up to date.
- If your devices are connected to a router, make sure the router is secured
Change the router password from the default and leave the internet settings alone unless you know what you’re doing. Make sure port forwarding is disabled.
- Research your devices
If something is unusually cheap, it is likely designed with poor security features (and may be cheap in other ways). Pay a little bit more. Look at the security assurances offered by the manufacturer.
- Always use HTTPS when connecting to the web interface for smart devices
Especially when traveling, consider using a VPN. You might not be worried about somebody hacking into your DVR and deleting a show, but DVRs are particularly vulnerable to being used as bots due to their storage capacity.
- Avoid storing your backups on mobile phones
If you must, then take good care of your phone and, if possible, enable two-factor authentication, such as biometrics.
- For particularly important devices, such as industrial technology, consider tamper proofing
Some devices can be designed to kill the internet connection and wipe local data if they are physically damaged.
- Consider why you are getting a device and whether the added convenience is worth the risk
This is particularly important with those “cool” and “fashionable” wearables. Smart baby monitors are also something to think about. There have been incidents of pranksters hacking into these monitors and using them to make scary sounds at the poor child. Consider whether an old-fashioned radio monitor is better, and if you do want a smart one, do your research.
- Locate smart home “hubs” carefully
As it is relatively easy for them to be hacked to listen to your conversations, avoid putting them in children’s bedrooms or a home office where you might be taking or making business-related phone calls.
- Consider using a VPN
That way even your ISP can’t monitor IoT-related traffic (unless they’re also your cable provider, in which case they will still be able to tell what you’re recording on your DVR). Researchers have found that with many devices, packet sniffing can determine things like when an appliance is turned on or even the user’s sleep patterns. This is information burglars love. IoT devices will not be able to run VPN clients themselves, so you will need to configure the VPN on your router as well as on your smartphone, tablet, and laptop.
- Lobby for security standards to be applied to IoT devices
Right now there are no rules that prevent companies from setting the PIN for every device to 1234 and not allowing users to change it. Sadly, I am not making this up. Also, there are no security certifications, which often makes it hard for users to tell whether a device is secure or not.