Tips for Safeguarding your Home’s IoT Devices from Cyberattack
Home may be where the heart is, but with more and more Internet of Things (IoT) devices making their way into the home these days, it’s certainly not the safe haven it once was. That’s because IoT devices aren’t just vulnerable to attack, they are also increasingly a target of attack and for good reason.
Traditionally, security has not been a top priority in the IoT; especially when it comes to the types of consumer-based IoT devices destined for the home. Generally, that security has consisted of little more than a default password, which consumers are instructed to change prior to putting their device into operation. Many fail to do so; however, and that leaves a device vulnerable to attack the minute it goes online.
Sometimes the attackers want access to the data on the IoT device itself, but often, what they are really after is a backdoor entrance onto your network. Hackers can even leverage your IoT devices to launch distributed denial-of-service (DDoS) attacks, and you may never even know.
The scary part is that it doesn’t even require an experienced cybercriminal to perform the attack. The average person can hack virtually any IoT device with nothing more than just a Google search.
Hackers have already successfully exploited faulty software on security and baby monitoring webcams to spy on users. Thousands of smart printers have been taken over and made to print Nazi flyers. A popular smart teddy bear was shown to contain security vulnerabilities that would make it easy for hackers to get personal details about a child. Even smart light bulbs are vulnerable, as researchers demonstrated, when they used a drone to launch a successful attack. These examples are only the beginning.
Charting a More Secure Future
People are starting to fight back against the lax security in IoT devices. The California Assembly and Senate, for example, recently approved the first ever IoT Security Bill (Bill 327) in the United States. Its intent is to ensure device manufacturers equip their products with reasonable security features, that each IoT device they manufacture has a unique default password, and that users are prompted to change that password once they set up their device for the first time.
It’s a start. But this measure alone will not be enough to dissuade the next wave of hackers from trying to attack the IoT devices in your home. Fortunately, there are several things you can do today to help better secure your IoT devices and safeguard your home:
- Before you purchase an IoT device for your home, make sure you have thoroughly verified it has reasonable and trusted security features in place.
- Validate that the device’s firmware can be updated after its purchase, as new security patches become available. Some devices will update on their own, while others will require you to update them manually. If your device must be manually updated, make sure you regularly check for updates.
- Perform a quick internet search to check for known security vulnerabilities in the device you want to purchase. Depending on what you discover, you may need to think twice about your purchase. Once you do make the purchase, continue to check for any security vulnerabilities that have been uncovered.
- Before you use the device, change its default password. And don’t reuse the same password for all IoT devices in your home. You should also change the default settings on your router.
- If your IoT device offers two-factor authentication, such as a password and a one-time code sent to your smartphone, use it. If your IoT device offers an encryption feature, be sure to enable that as well.
- Don’t just protect your IoT device. You also must ensure your home network and WiFi communications are secure. You can accomplish this by using a strong encryption method (e.g., WPA2 or WPA3) for your router.
Making your home remains a safe haven in the digital world requires action on your part. After all, you wouldn’t leave your front door opened or unlocked, so why would you not take steps to ensure the IoT devices in your home are equally secured? Following the tips outlined here can provide you a good head start in accomplishing that goal. Remember, cyberattacks on the IoT devices in your home are bound to happen, but if you take the right steps now you can be better prepared when they do. Plus, you’ll have a fighting chance of ensuring your home remains both safe and secure.
By the way, October is National Cyber Security Awareness Month - check out other NCASM 2018 posts here.