Everything Is Connected
We often take for granted just how many of our devices are connected to the internet today. Smart doorbells, refrigerators, lightbulbs, and even toasters are examples of our technology getting smarter to meet the demands of our ever-changing world. All of these devices connected to each other or the Internet, form the Internet of Things (IOT). These devices have become “smart” because they are collecting and sharing data over the internet. Your fitness tracker for example, might be tracking every step you take and sending that data to a server in the cloud. Unfortunately, many of these devices are built with security and privacy as an afterthought. It may seem harmless for a hacker to steal control of your refrigerator, but there are ways it can be valuable to them.
Our IOT devices have many cool features and are very convenient to use, but security is an often afterthought. To make matters worse some devices, like motion sensors, aren’t even capable of being updated. Let’s look at some of the potential security and privacy risks to IOT devices.
- Botnets – IOT devices have been hacked and used in botnets to perform Distributed Denial of Service (DDOS) attacks. In 2016, hackers used the Mirai malware to conduct one of the largest and most disruptive DDOS attacks ever. Mirai primarily targeted IOT devices to create its botnet and was able to successfully access them using a table of more than 60 common factory default usernames and passwords.
- Data Leaks – Due to the poor security of IOT devices, your sensitive data could be accessible by attackers. For example, there was an exploit with a Samsung Smart refrigerator that would compromise the owner’s Gmail credentials. Printers and scanners are also targets for attackers looking to steal sensitive information.
- Spying – IOT cameras are attractive targets for attackers that they can use to turn your own surveillance systems against you. It would be easy for them to determine your daily routine and what would be the best time to rob your home. They could also be eavesdropping to gain information that they could use to access other important assets or blackmail you.
How To Protect Your Devices
- Strong passwords are a must with all IOT devices. Weak passwords will give attackers an easy pathway to accessing your devices. Leaving the default passwords on your devices could be the same as leaving your door unlocked, since some of them are publicly available online.
- Make sure you update every IOT device than can be updated. When new vulnerabilities have been discovered, updates usually follow. These vulnerabilities are often publicly posted once they are fixed so it is important to be prompt with updating.
- Isolating your IOT devices on a guest network is also a potential way to minimize risks. If any of them get compromised they won’t grant access to your primary devices. In general, you should be making sure your network is being protected and that starts with securing your router.
- Disable services on IOT devices that you don’t need, like remote access. These services present an unnecessary security hole for attackers to use.