The smarter your home, the more vulnerable it is to attacks. Many of us love the convenience of automatic door locks, security cameras, and smart assistants. Unfortunately, these internet of things (IoT) devices provide an opportunity for hackers to breach your network and cause you harm.
This IoT and security guide will help you learn how to secure your home’s IoT devices to stay safe from internet of things attacks.
So, what is internet of things security?
The term “internet of things” refers to a network of devices containing sensors or technical components that allow them to access the internet to communicate with servers or other devices. These devices provide convenience and automated services to the owner. Many of these devices operate without human intervention, and most of them collect data and deliver it to remote servers.
IoT devices include smart fridges, smart coffee makers, automatic garage door openers, smart locks, internet-enabled cameras, smart TVs and remotes, and smart assistants like Google Home, Alexa devices, and Siri HomePod.
Some uses for IoT devices include:
- Home automation to unlock doors, turn on lights, set the temperature, and play media
- Healthcare to monitor a patient’s medical information and report the status to doctors or healthcare professionals
- Smart cars that have access to mobile apps, streaming movies and music, paying tolls, and automating travel functions
- Wearables like smartwatches that can monitor health information, send texts, send emails, and look things up on the internet
Internet of things cybersecurity is a critical component of keeping IoT devices safe. Most IoT devices are equipped with sophisticated technology, but not all are designed to protect against outside threats. As a result, IoT devices are swiftly becoming primary targets of malware and ransomware. Now, manufacturers are scrambling to update firmware to safeguard these devices.
What are some potential IoT security risks?
Internet of things security should be a concern for all consumers. Most of us have at least one IoT device within our homes, leaving us exposed to online threats like:
- Hacking/network intrusion
- Device hijacking
- Unauthorized IoT device access
The more significant issue is that many IoT devices are connected to a more extensive network, which could be affected if one of those devices is compromised.
The challenges of securing IoT devices
Manufacturers of IoT devices have only recently prioritized IoT cybersecurity. Thus, compared to computers and mobile phones, many IoT devices in use are vulnerable.
Some of the biggest challenges are:
- Vulnerable software and firmware. Due to the small size of many components, they cannot maintain powerful security protection.
- Insecure communications. Data sent between devices or to and from servers is not encrypted, exposing the information to bad actors.
- Data leaks. IoT devices collect information, and that data could be at risk of exposure or theft. To make matters worse, some smart devices send user data without any consent.
- Malware risks. Smart TVs and smartwatches are most at risk for malware.
- Cyberattacks. DoS, DoSL, device spoofing, physical intrusion, and app-based attacks are the most common.
The worst IoT attacks in history
Unfortunately, before manufacturers took notice of IoT security, hackers were able to pull off a few major attacks. The following are just a few.
The Mirai botnet
In October 2016, hackers used a large IoT botnet to disable DNS service provider Dyn. This single attack crippled vast sections of the internet and even affected media giants like Netflix, Twitter, CNN, and Reddit.
The botnet was named Mirai after the malware used to infect the IoT devices, many of which had outdated firmware and weak passwords, making it easy for cybercriminals to take over.
Bad actors do not discriminate; they will attack anyone, as evidenced by the attack on St. Jude Medical pacemakers in 2017. Cyber experts discovered the vulnerability in the transmitter used to communicate with the outside world and exploited it.
TRENDnet webcam hack
Manufacturer TRENDnet got into hot water when experts discovered that the company’s SecurView cameras were vulnerable. In fact, anyone who could find the IP address of a camera could look through it and spy on the user. Even worse, the FTC reported that TRENDnet had been transmitting users’ login information online without encryption as clear, readable text.
Back in July 2015, a team at IBM demonstrated how easy it was to hack the onboard software of a Jeep SUV and take over the vehicle, speeding it up, slowing it down, and turning the wheel at will. They discovered the vulnerability in the firmware update mechanism.
Best practices for securing IoT devices in your home
Although the threats are real, you can take action to secure your IoT devices as much as possible using the following best practices.
Secure remote access to IoT devices
First, secure remote access to your IoT devices by changing the default password to something long and complex. If you can change the username, do that as well.
Keep firmware updated
Whenever you see a firmware update available, install it as soon as possible. Many of these updates patch security vulnerabilities.
Use tamper-resistant hardware
Not all attacks originate from remote sources. To mitigate the chance of an attacker physically tampering with a device, install protective shields for outdoor cameras and other exposed hardware.
Use top-of-the-line devices
We all like to save a buck, but you can’t put a price on security. When shopping for IoT devices, choose the ones with the best reputation when it comes to security. Do your research before buying to ensure that the device uses military-grade encryption for data transmission and remote access.
Turn on MFA
Always turn on multi-factor authentication (FMA) on apps and accounts that control your IoT devices. MFA adds an additional layer of security so that bad actors cannot access your devices without your consent.
Segregate your IoT devices
One of the greatest risks associated with IoT devices is potential access to your home network. Fortunately, you can choose to segregate your IoT devices on their own secure network to separate them from your home network.
Keep a close eye on your personal info
Find out how the device company uses your personal information and restrict access whenever possible. Guard your personal information closely, and don’t give out anything more than what is required.
Turn off internet access
If you don’t need your IoT device to contact the outside world, consider turning that feature off and using it as an internal network device. You may want to restrict Bluetooth access as well, as it’s less secure and more vulnerable than Wi-Fi.
Configure your firewall
Configure your network firewall to restrict external traffic coming into the home. Although this may prevent IoT devices from performing certain functions, it’s better to be safe than sorry.
Even a single data leak through an IoT device can result in compromised security, identity theft, and financial ruin. Consequently, consumers must do all they can to protect themselves, their home networks, and their personal information. Follow these best practices to keep your home IoT devices safe and sound.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc., Amazon.com Inc., or Google LLC. HomePod is a trademark of Apple Inc. Alexa is a trademark of Amazon.com Inc. Google Home is a trademark of Google LLC.