It’s likely you own one or more items that are part of the Internet of Things (IoT). This collective term is used to describe a growing number of consumer, medical, and business items that are used to sense, control, and communicate data and activities. The IoT has undoubtedly made life easier for many people and organizations. From fitness trackers and medical monitors, to WiFi-enabled appliances and smart TVs, virtual assistants (i.e. Amazon Echo – Alexa), to industrial sensors and commercial security systems, internet connectivity has made traditionally “dumb” devices “smart.”
That connectivity allows data to travel quickly and easily between IoT and “parent” devices (like laptops and smartphones), automating monitoring and documentation. Capabilities like these deliver convenience and, over time, potential cost savings:
- Consumers can take better control of their health and homes. For example, they can automatically track and record exercise patterns, remotely adjust thermostat settings for comfort and energy savings, and check on their pets or front porches while they’re at work.
- Organizations can reduce waste and improve regulation of isolated devices and processes. For example, they can use sensors to automatically adjust lighting and environmental controls, and remotely diagnose equipment problems and identify necessary repairs.
- Healthcare providers can streamline delivery of services. For example, medical practitioners can observe key health indicators and, if necessary, make adjustments to implanted devices while patients relax at home.
With IoT devices, the convenience factor is clear—but the risk of using these devices is less obvious. Many people are not aware of the privacy and security concerns associated with IoT devices—or how to adequately protect themselves. Here are three facts to help you better understand IoT issues and best practices for safe use of these devices.
Fact #1: Many Known Cyberattacks Have Taken Advantage of IoT Vulnerabilities
As far back as 2013, the doctor of then-U.S. Vice President Dick Cheney recommended that the Wi-Fi functionality in Cheney’s newly implanted heart defibrillator be disabled due to potential hacking concerns. Cheney and government officials agreed the threat was credible—and subsequent research would prove that to be true.
It’s important to realize that IoT risks are not hypothetical; many documented security incidents have stemmed from exploits of device vulnerabilities. These breaches have affected organizations and consumers alike, in ways like the following:
- Attackers were able to hack thermostats of two apartment buildings in Finland, preventing heating systems from turning on for nearly a week during a period of below-freezing temperatures.
- By hacking WiFi-enabled printers, attackers have been able to look into the printers’ memory to access sensitive documents like contracts and medical forms.
- Numerous parents have reported hacking of WiFi-enabled baby monitors, home cameras, and toys. Incidents range from eavesdropping on private conversations, transmission of explicit content into the home, and even man’s voice claiming he was in a baby’s room and was going to kidnap the child.
- There have been several instances of hackers infecting thousands of IoT devices—like lighting systems, vending machines, and DVRs—with malicious software in order to create what is known as a “botnet.” When attackers create a botnet, they can control an army of devices as a single unit and use that computing power to disrupt internet services, overpower an organization’s network, or steal data on a large scale.
This is just the tip of the iceberg with regard to reported attacks—and many more incidents have likely gone unreported. In addition, researchers have also proved out the ability for attackers to take control of everything from implanted medical devices to WiFi-enabled vehicles.
Fact #2: IoT Manufacturers Aren’t Held to Specific Security Standards
Though there have been attempts to institute minimum security standards for IoT devices, there are currently no global requirements in place. This lack of regulation has allowed manufacturers to prioritize factors such as time-to-market and aggressive price points over cybersecurity safeguards, which has left many devices vulnerable to hacking and compromise.
Here are a few key things to remember:
- Many devices use simple default passwords and PINs—like “admin” and “1234”—to allow easy, universal access for purchasers. In fact, default passwords for a range of devices can be found via a quick online search. This does simplify administrative access for IoT users—but it also makes access easy for cyber attackers.
- IoT devices frequently ship with known vulnerabilities that manufacturers address at a later date. This means that, out of the box, devices are prone to compromise and aren’t secure until software or firmware is updated (a step many consumers skip due to inconvenience or lack of awareness).
- Off-brand devices are frequently less secure than devices manufactured by bigger-name companies. Though vulnerabilities have certainly been identified in products with household names, larger players tend to be more attentive to security practices and more invested in closing security loopholes.
Fact #3: You Have the Power to Make the IoT More Secure
Better IoT choices = better IoT security. Here are five relatively simple things you can do to protect your data and devices:
- Change default passwords – If you’re not sure how, refer to the device’s manual, do an online search, or contact the manufacturer. And if your device is controlled via a cloud service, be smart about your password selection for your account.
- Check to see if updates are needed before using – As we noted, IoT devices can be sold with security issues already in place. In addition, because items can sit on shelves for months before they’re purchased, bug fixes and updates are often necessary, even for previously secure devices. For guidance, refer to your manual, do an online search, or refer to the manufacturer’s website.
- Keep your device up to date over the long term – If you have the option to choose automatic updates for your device, do so. Otherwise, make it a point to check back for updates. Manufacturers patch bugs and flaws on an ongoing basis—and so should you.
- Stick with known, reputable brands – Do your research before buying, and recognize that purchasing based on price alone can be risky. Whenever possible, opt for manufacturers that are proactive about security features.
- Set up a guest Wi-Fi network for your IoT devices – It’s beneficial to isolate home-based IoT devices (like smart TVs, thermostats, and appliances) from PCs and other data-heavy devices (like smartphones) to reduce risk. If you need advice on how to do this, start with an online search for your home Wi-Fi router model. Many devices make it easy to set up a guest network.
Do Your Part. #BeCyberSmart