As you bring more technology into your home, here’s how to secure your IoT devices.
We live in a connected world. Globally, we’ve become a tighter community, while locally, we’ve become more global. The internet has delivered on convenience, allowing anyone with a connection to see, learn about, and communicate with any individual or business on the planet. This convenience is coupled with virtually every new tech product rolling off the line, and our homes are quickly filling up with an ever-growing universe of IoT devices.
Since the dawn of the World Wide Web, computers have been our main tool of connection. For decades, the home or office computer has been the digital battleground where cybercriminals would do their best to infiltrate and cybersecurity would do its best to defend. Eventually, smartphones joined the war zone, and mobile security rose up. For a long time, those two platforms — computers and smartphones — stood alone as our connected digital tools.
But now — do you hear it? That low, rumbling noise getting steadily louder? There, cresting the hill in droves and stampeding down towards us is an entire generation of new IoT devices hitting the marketplace: TVs, thermostats, alarm clocks, digital assistants, game consoles, streaming sticks, alarm systems, printers, light bulbs, and, yes, lots more. On one hand, the convenience is wonderful. On the other, there are critical questions that need answers: what IoT security issues do we need to worry about and how do we go about securing IoT devices at home?
The dark side of IoT devices is that they are not necessarily designed for security. The sad truth is that in their rush to get the first generation of these devices to the shelves, OEMs are more interested in cornering the market than engineering an unhackable product. Let’s take an IP camera as an example. The irony here is that you may install one of these in the name of better home security, but left unprotected, it can serve as a digital doorway that lets the bad guys in.
One of the most popular cyberattacks on IoT devices is to forcibly recruit a multitude of them into a botnet, a swarm of infected devices capable of causing great damage since it performs tasks en masse. If your IP camera were turned into one of these mindless soldiers, it could be used to launch tireless DDoS attacks, to cryptomine, and to spam, among other things.
If the cybercriminal is interested in making off with your personal data, the IoT device can be hijacked and used to dig deeper into your system. Your camera could be compromised and, because it is connected to your home Wi-Fi, used as a portal to reach everything on your network including your smartphone or tablet.
Another IoT risk is device control. If a bad actor finds its way in, it could make the device do whatever it wants — crank the heat in your house to 100, turn the television on at full blast in the middle of the night, and, yes, monitor your camera’s video feed, learning your household’s patterns.
While the industry is still new, IoT products vary greatly in make, model, software, and design. To chase each device with its own security software would be madness. The only sensible solution is to round them up and protect them as a group. Conveniently, they are already rounded up as a group — on your network. Learn and live by these 6 IoT security tips.
IoT network security begins and ends with the router. It comes with a default password, so change it right away to something complex. Aim for uncrackable. And make sure the security protocol you’re using is WPA2. This is critical and gives you a strong foundation of basic security. And, when WPA3 becomes available, use it.
Everyone’s protection is in their own hands these days, so it’s a good idea to call in reinforcements for peace of mind. IoT security products are being released in the near future, such as Avast Smart Home Security. Our own internet of things security solution is a proactive network defense that uses AI to learn, monitor, and constantly asses IoT behavior in your household, reporting anything abnormal.
This goes for any device that comes with a default password, not just your router. When given the option, always change the default password to something complicated. If two-factor authentication is available as well, enable it. And, use a Password Manager to make your life easier. Check out this post about best practices for passwords.
It may be tempting to tear it out of the box and simply punch ON, but it’s imperative to look at every connected device as more than a gadget. Each one is a possible gateway for any hacker determined enough to find a way in. When you add a new connected device, take the time to understand everything about it, including its security protocol.
It cannot be stressed enough — keep the firmware of your IoT devices updated with the latest versions and patches available. Remember, the cause for most of these updates is because a security flaw has been found and exploited in the previous version. You want to stop running that compromised version right away. Also when considering a new IoT device, take a look at its update process. Make sure it’s easy and straightforward and that you are notified when a new update is ready.
You will keep the threat surface of your household small by connecting a limited number of devices. If you don’t necessarily need your coffee maker or your lightbulbs to be “smart,” then keep using the analog classics. However, when you do get smart devices, be sure to take all the necessary steps — onboarding, setup, password change, etc.
The IoT security risks are definitely out there, but so are the solutions. There is no need to fear the oncoming horde of IoT devices and the mainstream emergence of the smart home. Simply stay alert to what you’re adding to your network, keep your network protected, and you can embrace the incredible technological age in which we find ourselves.
Read what Avast CEO Ondrej Vlcek believes can be a “big picture” solution for Internet of Things security vulnerability.
Find out what you need to know about the leak of a half-million security credentials for routers and Internet of Things devices.