Get Ready for the Internet of Unsecure Things

By Eric Payne, Senior Security Architect

Every January, the Digerati gather in Las Vegas at the Consumer Electronics Show (CES) to see, hear and touch the latest and greatest in technology. This year one of the biggest stories to come from the confab is that everything is connected. Beyond simple smart phones and smart watches, the new Internet of Things (IoT) has expanded to include smart homes and smart workplaces.

Some of the innovative trends in IoT include smart voice controls (think Alexa) and smart device interfaces (think internet-connected fridge), connected health devices and connected cars. As usual, where there is excitement and everyone is fired up, there is bound to be smoke and mirrors. Unfortunately, cybercriminals are taking advantage of the murky smoke and mirrors surrounding the IoT and turning it into the IoUT – the Internet of Unsecure Things.

The good news is that manufacturers and software companies are aware of the perils of unattended, connected devices that can fall prey to cybercriminals. Last month’s CES event included entire seminar tracks under the banner of “Deploying IoT Platforms – What You Need to Know” and “IoT and the Connected Consumer” which included topics such as trends, innovations, and more importantly for consumers, privacy.

One of the greatest concerns is that the same ability to reach Internet-connected devices in the home or office locally or remotely via Wi-Fi can also make them susceptible to hacking. Devices that have been compromised include baby monitors, air conditioners and automobiles. In fact, IoT device search engines exist that have cataloged the existence of connected devices all around the world. If these devices are unsecured — for example, if they only use the default out-of-the-box administrator password — you may be able to connect to them. If the device is a connected Wi-Fi camera — for example, a nanny cam — the privacy damages can be immense.

Don’t despair – here are some specific steps you can take to keep your home and business secure while enjoying all the Internet of Things has to offer in the way of connected devices for fun and productivity.

• Change default passwords. One of the easiest ways for even the most casual of hackers to gain access to a WiFi router or other connected device is to Google the default admin password for the device and attempt to log into it. To avoid this, make sure to change the default user (if possible) and password. We wrote about how to pick strong passwords in a recent blog post (https://bit.ly/2CRJKJv) where we offer a few suggestions to follow.
• When in doubt, disable. If the device in question doesn’t need to be connected to the internet, for example a baby monitor that you are watching from another location in the same home or a WIFI-connected camera or DVR player that is already connected to your router, disable or limit remote access. As I mentioned before, IoT device search engines exist that have compiled lists of connected devices by type. By disconnecting potentially vulnerable, but unnecessarily connected, devices you can ensure privacy.
• Learn about the devices you purchase. It’s exciting to take advantage of the connected devices that you purchase, but be aware that these devices are designed to be easy to use, which usually means they may also be more easily compromised. Take time to review your device documentation, search the internet to see what device vulnerabilities may exist and take steps to secure the device including using strong passwords that you change frequently.
• Make a firm(ware) update. Device manufacturers are aware of security issues and often publish “firmware updates” or security patches to keep hardware as secure as possible from new threats. You can help by enabling automatic updates on your devices. Keeping your device up to date makes sure your device has the strongest security possible.
• Turn the tables on hackers by scanning your own network. You may have vulnerabilities in your WIFI network that you are not even aware exist. To make sure that you know each and every connected device on your home or office network, use a WIFI scanning tool. One that I like is Kaspersky IoT Scanner which is available as an Android app. It can scan any network that you are permitted to connect with to discover what other devices at home or in the office are connected to the internet. It also highlights potential vulnerabilities, such as open internet ports that you may need to secure. Learn more here: https://bit.ly/2xd9i4a

Connected devices offer a wide range of useful capabilities that extend your play and productivity. Just be sure they also extend your privacy when you are using them at home or in the office.