Smart devices and appliances are part of our daily life, locking our homes, monitoring our fitness, lights, fridge, television sets, web cameras to name the few are connected to the internet and we can access these devices from anywhere. This includes your kid’s smart toys as well. These devices are known as Internet of the Things (IoT). These days you don’t have to worry about your kids missing the house keys and you have to rush home leaving all office priories aside, now you can open the door of your home sitting at your office desk.
Hackers have a great opportunity to launch large scale attacks because without our knowledge these devices capture lots of information and are accessible over the internet.
The dark side of these IoT devices can not be overlooked. Last year’s massive DDoS attacks (October 2016) on DYN’s servers that brought down many popular online services in the US was not launched using standard computers but the Mirai botnet used for this attack was largely made up of IoT devices such as digital cameras and DVR players. The news of Roomba floor mope is mapping your home and the map of your home may be shared with Google or Amazon. Disney sued for capturing and selling children’s data to the third parties.
This means IoT devices are providing the comfort and convenience but at the same time they are becoming threats to your personal data, these devices can lead hackers to your home as well as to organizations for which you are working.
IoT Security Concerns
IoT devices are nothing but the tiny computers always connected to the internet, capturing, processing and sharing information and this is the reason of majority of security concerns
- Continuously connected to the internet
- No security features as a part of design
- The amount and type of data captured
Broadly speaking these are the three categories we need to concern about when we speak of the IoT security.
Continuously Connected to the Internet – The devices are always connected increases the attack vector. The number of devices available can be collectively used to create the massive DDoS attack. The device’s security combined with home WiFi security can increase the likely hood of the compromise as the vulnerabilities available in home internet connection can be easily exploited.
“Any idea how much data a cow generates? Turns out not a lot, but there are a lot of cows.” — Eric Hanselman, chief analyst of 451 Research
The Tools like Shodan are like dual edge sword when in hands of protector it can help to identify and patch the vulnerabilities in you devices but in hands with malicious intention, it can be used to breach your devices and either steal the data or use it as tools for launching attacks. Being always connected, your devices are available all the time. The Internet is not secure so we can not expect the devices connected to it will be secure.
No Security features as a part of the design – The computing power of these devices and storage space available are the technical limits to have security features embedded into these devices. Adding the security features can increase the cost of these devices by multiple folds and hence manufacturers of these devices are knowingly or unknowingly ignoring to add the security features. Another big issue is all these devices are owned and managed personally so there is no way of imposing security policies and processes that can enhance the security. Example password complexity and expiry of the password.
The amount and type of data captured – All these consumer IoT devices captures a lot of data. The security camera installed in your children’s bedroom can be snooping your child activities and if compromised can send streams of data to the malicious intention people. Which TV channel you watch, which internet sites you browse, what time you are at home, how is your health ? all these data is getting continuously captured and may get sold into the market. As we have seen at the start of this article how Disney has used the toys to capture and sold that data.
How to Stay Safe?
“Prevention is better than cure”
Securing your home network is a first and most important thing which is within your control. Refer to the previous article “Proven Methods to Secure Your Home Network” for more details.
While buying devices you should be aware what features are included, like password complexity, data encryption, etc.
- Before installing your new device, visit the manufacturer’s website and download any new security patches for known vulnerabilities
- Secure your device immediately after purchase
- Do not let the excitement of acquiring a new device distract you from securing it before putting it to use
- Also, without exception, immediately reset any default passwords with secure passwords.
Configuring devices is one-time activity but making your device secure is an ongoing process,
- Keep your devices updated with patches and firmware updates provided by product manufacturer. These patches and firmware updates are released either for fixing the bugs or closing the vulnerabilities available.
- Switch off the devices when not required. You do not need cameras in your child’s bedroom to be on when you are at home, switch that off.
- The latest memory based malware will get erased by rebooting the devices, so make it a practice to reboot your devices at a regular frequency.
“Keep your devices up to date and stay safe”