30 June, 2023

The Internet of (Insecure) Things – How to secure IoT devices

The usefulness of smart home devices is undeniable. It’s certainly helpful to see, hear and speak to whoever is at your property from your smartphone. Or turn on lights and shades remotely. But it’s also worth remembering that there are legitimate concerns about security, privacy, and propriety when using these devices. But what are the security concerns? And what’s the best way to secure IoT devices?

 

One example of IoT devices being insecure comes from Amazon’s Ring line of products.
  1. A supplier to Amazon Ring was embroiled in a hacking scandal, the scale of which remains still unconfirmed. Personal and billing data could be affected, and for those users who have not enabled ‘end to end encryption’, stored video and audio could also be compromised.
  2. Amazon provides law enforcement with audio and video footage without requiring a warrant, or the consent of the device’s owner, a huge concern for those who value their privacy.
  3. Internet of Things devices are miniature computers, much the same as your phone, tablet, or smart TV. Unfortunately, all computers will have vulnerabilities to unauthorized access if they’re connecting to the internet. Ring cameras are no exception. The devices have been subject to vulnerabilities including exposing your recordings to hackers.

 

Medical devices (Internet of Medical Things)

Everything from pacemakers to insulin pumps have been demonstrated to be vulnerable to attack by the most immoral hackers. These vulnerabilities put more than just your data and finances at risk. They can jeopardize your life or that of your loved ones.

Unfortunately, Ring is not the only IoT device with vulnerabilities. A number of other smart device brands either have been compromised, have un-addressed vulnerabilities, or are the focus of hackers because of their typically limited security features. Moreover, smart home devices are not the only ones vulnerable to attacks.

Transport

In 2015, some models of the Chrysler Jeep were found to be vulnerable to remote takeover. This could prevent the car accelerator or brakes from working, which could have been very dangerous at highway speeds. Even more concerning, the GPS systems for aircraft (and any other vehicles) can be jammed remotely or sent incorrect coordinates. With the growth of autonomous vehicles, this is an area of growing concern.

Vicarious liability

Hackers on the internet are always looking for opportunities to hide their tracks from law enforcement. One way they do this is by using other people’s devices rather than their own to orchestrate attacks. One particularly notable example of this was the 2016 ‘Mirai’ attack which compromised IoT devices worldwide and used them to disrupt much of the traffic on the internet at a massive scale.

So what do you do?

What can you do now that you know the risk with IoT devices? How can you secure your IoT devices? After all, many of these devices have become essential in our daily lives. We’ve put together a list of tangible steps and things to consider to reduce your risk of being the victim of a breach:

1. Review the location and purpose of equipment that can record video and audio. Is it in a position that could compromise your personal or business privacy? (e.g., focusing on a child’s bedroom or installed in an office where sensitive information is on the screen or printed out.) Think about what a hacker could do to harm or distress you with information gathered from your cameras, microphones, and other smart devices when making decisions about positioning and use.

2. Spend more time researching devices for a history of breaches or get an expert opinion on alternatives (a smart home integrator can help you find security-conscious solutions). Consider using systems that are not sending data directly to the internet where privacy is paramount.

For instance, more secure camera systems record to a server in your home, rather than recording straight to the cloud. Consider switching your Alexa devices to a more pro-security solution like Josh.ai for voice control. Remember: if a product is cheaper or more convenient, it will likely be less secure. 

This is particularly true of products from companies like Amazon or Google. They provide cheap devices in exchange for your data – and with that data, there is always a reduction of privacy.

3. Check if your devices will be supported for a reasonable period of time. Software updates and security fixes may need to be applied throughout the viable lifetime of your products. Working with a smart home integrator offering support packages can help ensure your devices are set up securely and updated appropriately.

4. Review and follow manufacturer recommendations to secure your IoT devices (such as enabling end-to-end encryption) and accounts periodically. Use a different password for each IoT device (we recommend using a password manager like 1Password to keep everything stored) and enable multi-factor authentication where available.

5. Consider using a VLAN in your home. Properly designed networks have multiple “VLANs” (Virtual Local Area Networks) to help protect different classes of devices. These enable groups of devices connected to your network to be partitioned into separate networks. This provides an added layer of network security. Your critical work devices live on a different network from your IoT devices, which are much more vulnerable to attack. (Learn more about VLANS in this article on the importance of cybersecurity in your home.)

Finally, if you have more than a few smart home devices, you should work with a smart home integrator to ensure your devices are set up correctly, and your home network is as secure as possible. With more of our lives being lived digitally, you do not want to leave your security up to chance. If you need help setting up your IoT devices, or want to ensure they’re protected, contact us today!

 

You might like this too.