Cyber Tip of the Day, Day 17. IoT Devices.

This is one of our "Cyber Tips of the Day" for work day 17 in October. If you want to get our other tips like this one daily, you can sign up here: https://www.schneiderdowns.com/our-thoughts-on/cybersecurity/technology/october-cyber-security-awareness-month

Having a smart home may not be a smart idea after all. There has been a recent explosion of consumer products that are dubbed Internet of Things (IoT) devices. These devices range from Bluetooth camera systems, light bulbs, garage door openers, virtual doorbells, coffee machines and much more. IoT devices promise to make your life easier, but they don't guarantee a more secure home environment. HP recently released results of a study revealing that 70 percent of the most commonly used IoT devices contain vulnerabilities, including password security, encryption and general lack of granular user access permissions. In most cases, an IoT device must run a very lightweight operating system for two main reasons: either the manufacturer needs to keep the cost down or the device itself is so small that it would be impossible to physically fit the hardware needed to run a more advanced operating system into the device. These lightweight operating systems are usually old versions of Linux that contain multiple well-known vulnerabilities and when you couple that with making the devices accessible over the internet via wireless or Bluetooth, it is a recipe for disaster. You might be thinking, "Who cares if someone can hack my espresso maker?" which is a valid point, but what about something like your garage-door opener or a baby monitor? In case you were wondering if that is actually possible, click here to read an interesting article. To help protect yourself, we recommend putting IOT devices on a guest network or on a separate wireless network to help prevent them from being a security risk to the rest of your devices at home. We also recommend reviewing recent third-party security reports on any IoT device (if you can find them), or asking the IoT vendor for their security recommendations when implementing their IoT device.

10/25 Update: Last Friday, there were massive internet outages across the country due to numerous hacked IoT devices that were turned into malicious bots to perpetrate the attack. You can read more about the attack HERE.