We live in a connected world. Today this includes much more than traditional computers. More and more homes include ‘smart’ devices –mobile phones, fitness bands, TVs, webcams, electricity meters and more. What makes them ‘smart’ is that they are connected to the Internet using Wi-Fi and are able to send and receive data. This huge – and growing – mass of connected devices makes up the ‘Internet of Things’. The chief benefit of having connected domestic devices is convenience – we’re able to control them remotely from our smartphones
Unfortunately, if smart devices aren’t secure, others – including cybercriminals – can take control of them. Until recently, this seemed like the stuff of sci-fi movies.
There are some basic practices that should be followed by everyone, from individual consumers to the largest global enterprises. These include: using strong passwords, regularly checking for and installing software updates, and implementing appropriate security software.
Further, this approach should be applied to every connected device on the network, including routers.
There is also a role for the manufacturers of connected products and the security industry. We need to work together to ensure that strong protection and patch management is designed-in from the very start. Once a product is on the market, it is already too late.
There’s also a role for governments, in developing security standards for IoT devices. We’ve all come to expect that everyday objects – children’s toys to furniture – come with certification marks indicating that they are physically safe. In future, this will have to extend to digital objects also.
In order to help users protect their lives and loved ones from the risks of vulnerable IoT devices, we advise them to follow several simple rules:
- Make sure that the default username and password are changed; this is the first thing an attacker will try when attempting to compromise your device. Remember that even if it’s a non-smart product, such as a satellite receiver or a network hard drive, the administrative interface might be vulnerable to attack.
- Make sure all your devices are up to date with all the latest security and firmware updates. If it’s not obvious how to check for such updates, you should check with the manufacturer – applying security updates is one of the key things you can do to make it harder for attackers to compromise your device and your home network. This will also tell you if the manufacturer considers it to be an obsolete product.
- Use encryption, even on the files you store in your network storage device. If you do not have access to an encryption tool, you can simply put your files in a password-protected ZIP file – this is not as secure, but it’s still better than not doing anything at all.
- Most home routers and switches have the possibility to set up several different DMZ/VLAN. This means that you can setup your own ‘private’ network for your network devices, which will restrict network access to and from this device.
- If you’re really paranoid you can always monitor the outbound network traffic from these devices to see if there’s anything strange going on, but this does require some technical knowledge.
- Another tip for tech-savvy consumers is to prevent network devices from accessing sites they’re not supposed to access, only allowing them to download updates and nothing else.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.