For peace of mind, do you want to secure your IoT devices?
You are not paranoid. They really are after you.
The “they” in question consists of mini armies of hackers who lurk in neighborhoods – not literally, but cyber-virtually, confident in their abilities to exploit the soft underbelly of the IoT, the Internet of Things. Nest cams and Ring doorbells, baby monitors, garage door openers and more — modern suburban and exurban miracles that give us peace of mind at home and when we are out and about.
These gadgets — long rumored, now real – convey vital information about people we cherish and things we value. You cannot put a price on peace of mind, right?
In fact, peace of mind – the perception of knowing what is going on with kids, who is knocking at the door, how that noise in the backyard that sounds like a cat is actually a prowler – does come at a price. The appearance of security simply is not security.
Is The IoT Secure?
That the IoT is porous in part reflects encryption, or the lack thereof. So many flows from how strong encryption keys and passwords are, how diligently two-factor authentication is employed, how much consumers recognize that even the coolest IoT devices are not benign. The devices may be “smart”, but they are not intelligent enough to elude attacks, hence the current spate of hacks in the wild. Pun aside, installing an Internet-connected device is no longer a no-brainer.
Federal regulators are considering new guidelines on smart TVs which, shorn of the consumer electronics hype, are essentially big, LED-driven bullseyes. Smart TV architectures are not yet set up to ward off intruders. That flat screen on your wall is hardcoded to converse with a server oblivious to the all-star cast of bad actors waiting in the wings.
Smart TVs are designed to share information about whatever apps the consumer chooses to download. Once those apps have been deployed, it has a safe bet that the manufacturer is not hardening that TV to all threats, foreign and domestic. Credit planned obsolescence. TV makers know that today’s generation will be superseded soon enough, replaced by devices with (one hopes) better security. Of course, what CE giants expect and what consumers do may not be the same thing. An older TV with spotty or non-existent encryption is ripe for hacking.
At what point does a TV stop being a security threat to the household — and to the world? Today’s IoT devices can be used for amplification attacks. That is, hackers can now tune-in in a vastly different, quite nefarious way. They can insert code to simply watch the traffic on your incoming network and send that information out to parts unknown. And if someone sniffs your network with a TV, the interloper has an unlimited amount of time to break passwords. Until encryption is universal and bullet-proof, these flat-screen gateways to Netflix and Amazon may become, if not Big Brother’s eyes and ears in your house, a criminal organization’s eyes and ears in your house.
How To Secure Your IoT Devices
You can change the channel by securing your network and devices. The front line of defense is managing network access. Begin by protecting WiFi with a strong password and encryption, setting device limits, and then opting for more advanced settings, such as MAC address filtering. Likewise, secure your computers and laptops, since they have direct access to the internal network. Ensure that all devices are up to date and equipped with current anti-malware software from a reputable provider.
Next, secure remote access to your IoT devices. Most companies now offer two-factor authentication, so make that mandatory and configure it immediately when creating an account. Establish strong passwords on these devices and never leave any defaults; avoid installing any applications unless they are absolutely necessary, and then install only from official app stores — do not “sideload.” Keep IoT devices updated, turn on automatic updates where possible, or schedule regular updates.
By following these fundamental but critical steps, you can keep your network and IoT devices more secure. Most of all, remember that security isn’t something you trot out and forget; it’s an ongoing process that you internalize and attend to, without fail.
Based in the Greater Phoenix area, Alex Artamonov is a Systems Engineer and Cybersecurity Specialist now in his tenth year with Infinitely Virtual. Skilled in VMware ESX, Microsoft Server and desktop operating systems, HP Proliant, and HP Blade servers, Artamonov holds a series of cybersecurity certifications from the University of Washington.
Artamonov first got hooked on computing at age 13. Having broken a machine in the early going, he set about fixing it and, as Infinitely Virtual customers can attest, the rest is history. While in ninth grade, he helped his local library organize its first Internet-connected PCs for public use. Growing up in an era of 14.4kbps modems, Artamonov taught himself computer security through trial and error, relying heavily on underground online forums, magazines and groups. He remains a voracious consumer of information on cybersecurity, with a special emphasis on social engineering.
- Tor+VPN Guide: How to Combine Tor Browser With VPN
- Online Security Tips for Seniors
- 5+ Golden Cybersecurity Tips for Students
- 6 Most Secure Email Service Providers
- Taming the IoT in the Wild: How To Secure Your IoT Devices - May 16, 2020