The Security Risks of IoT Devices and How To Fight Back
The year 2020 has always had a sci-fi ring to it with all the IoT devices.
While this continued, explosive growth is excellent news for consumers and manufacturers alike, with this increasing connectivity comes to the apparent risk of security breaches.
We’ll look today at how your smart home might be vulnerable to attack. This is not an alarmist look at improbable outcomes but a straightforward breakdown of some of the drawbacks of the Internet of Things.
The good news?
We’ve also got some simple countermeasures so you can fight back. Here at Smart Home, we’re all about bringing you solutions and making your life easier every step of the way through your connected home.
How Could Your Smart Home Be Vulnerable?
Unfortunately, while the Internet of Things (IoT) devices
are remarkably convenient, they offer cybercriminals yet another point of entry
into your home.
Digital assistants have invaded homes worldwide in the form
of Echo and Google
Home devices. Are they safe? If you’ve shared sensitive information like
passwords or bank details, the chances of compromisation are likely in the
event of any form of digital intrusion.
The same goes for smart thermostats since they often come with Home/Away modes making it plain to a hacker when you’re out of town.
Is your baby monitor vulnerable to someone who wants to
hijack your webcam? Maybe. Like many of the threats we’ll be highlighting, this
is improbable, but that doesn’t make it impossible.
Cybercriminals can gain access to your smart home through malware. Last year, the VPN filter malware infected 500,000 routers across 50 countries so this threat is clear and present. At the lowest level, you might find network traffic congested or blocked. This malware can also steal your passwords and collect other information through your router. Symantec offers a free online tool to check your router against this infection.
Back in 2016, the Mirai botnet hijacked the power of
hundreds of thousands of IoT devices launch larger scale cyber attacks on
PayPal, Netflix, and Spotify.
These are just a few ways in which your smart home could
potentially be penetrated. We now move to a basic blueprint for making your
smart home safer.
Why Are Smart Homes Vulnerable?
The root issue is that most connected devices don’t place a premium on baked-in security. Routers and cameras, in particular, are among the most attractive targets for hackers.
Often, the default passwords – these can sometimes and inexcusably be hardcoded – are weak and easy to exploit.
Systems are not hardened, and often there is poor provision
made for updating software.
What can you do about this, though?
General Guidance for Securing Your Smart Home and IoT Devices
smart home begins with a secure WiFi network so think about these simple steps to ramp up security.
- Get Cryptic with Network Name: The default name of your router displayed is all a hacker needs to determine its make and model. From there, accessing your devices is simple. Rename it giving no clue whatsoever to help any wrongdoer on their way
- Set Up a Guest Network: This is not a slight against friends and family but a simple security measure worth implementing. No guest needs full access to your network. And let’s face it if you’ve got teens with a houseful of random visitors, how do you know whether they’re friends with your kids or just acquaintances? Guest networks are easy to set up and provide Internet privileges without compromising anything sensitive. Don’t feel guilty about this. Just do it
- Immediately Change Default Credentials: Most devices come with standardized usernames and codes. It doesn’t take much digging for a hacker to make use of these credentials. Change them to something strong using numbers and symbols. Avoid using the same password you use elsewhere
- Keep Software and Firmware Updated: Rather than dismissing
those notifications to update software and firmware, take action. It might
stop you in your tracks for a few minutes but could very well lead to a
security patch, or valuable improvement so don’t skip the updates
- Reset Router Frequently: You don’t need to go over the top
here, but an occasional reset can minimize the chance of VPNFilter malware
taking over your router and takes no time and is worth doing every couple
- Thin Out-Default Settings for IoT Devices: The majority of IoT devices come with pretty much every feature activated. Remote access? Handy if you use it, but a security risk if you don’t. Take a few minutes to scour through the settings and disable those that don’t serve you
- Activate Two-Factor Authentication: While receiving a code pinged to your smartphone when logging in might seem like hassle you don’t need, adding this extra layer of authentication is well worth the minor inconvenience
- Avoid Public WiFi for Remote Device Management: It might be tempting to use a public WiFi network when you’re out and about to manage your smart devices. It’s a bum move for obvious reasons. If you insist on using public WiFi, be aware of the risks. You can mitigate them to some extent by using a VPN, but our advice is not to use these unsecured networks at all for device management
3 General Threats and How To Fight Back
We’ll look at three threats to the security of your connected home along with some simple pointers on protecting yourself:
- Privacy, Data, and Identity Theft
- Device Hijacking
- PDoS Attack
1) Privacy, Data, and Identity Theft
From smart devices and appliances through to wearables – more on those next week – a significant amount of data is collected in the smart home of 2019.
Unfortunately, this can be exploited if it falls into the wrong hands for fraudulent transactions or outright and deeper-seated identity theft.
Robust authentication and encryption should keep all but the most stubborn attacker at bay. You should also pay close attention to access control.
Privacy is a huge issue these days with breaches occurring everywhere from Facebook to online banking. Smart devices are no exception to a menacing global trend that shows no signs of abating.
2) Device Hijacking
An attacker can hijack your device and take charge of it. We’ll touch on this more fully below. Since the inherent functionality of the device appears unchanged, device hijacking can initially be tough to detect. Until, of course, your thermostat starts going haywire or your TV behaves strangely.
The inbuilt sting is that a single compromised device can infect others.
Since the threat of this type of attack is mild, you should double down on device ID while also making sure your access control is locked down.
3) PDoS Attack
With a Permanent Denial of Service (PDoS) attack, devices can be damaged so ruinously they need a hardware replacement at best, possibly even complete replacement.
Regular security monitoring is a must and, as with other
threats, pay attention to:
Vulnerabilities in Smart Devices
That suite of smart devices in your connected home undeniably streamline your life and in many ways help to ramp up security.
How about the flip side of that coin, though?
Sadly, there are a few vulnerabilities it pays to be aware of. We reiterate these attacks are wildly unlikely. We’re here to educate not scaremonger, but it pays to know as much as you can about any weaknesses in your system. That way, you can remain on guard and take action when required.
Here, we’re only underscoring the potential flaws rather than looking at general security strategies and countermeasures. Following all the advice above should keep you pretty well protected.
- Cameras: Cameras are the first line of defense in any smart home security system, yet they can also be used against you in the wrong hands. Hackers can get hold of serial numbers using brute force attacks. Equipped with these, they can intrude upon both video and audio feeds. It’s not out of the question the entire network could be hijacked.
- Fridges: Smart refrigerators are not cheap. As such they are not commonplace in the average smart home yet they are popular enough to rate a mention. These fridges mine a great deal of data about your eating habits so make sure you’re comfy with that. Worse still, though, since smart refrigerators stop serving up security updates after a while rendering your home vulnerable to digital intrusion
- Garage Doors: While it’s incredibly convenient to arrive home and have your garage doors automatically open thanks to the geofencing on your smartphone, the opener collects data about your comings and goings. A tech-savvy hacker could potentially use this information to gauge when your home is empty and ripe for plundering
- Lights: Smart lighting is one of the most common entry-points for automating your home. Unfortunately, they can also be hacked from a distance through the radio signals emitted. You might only be a question of someone messing with your settings, but they are nevertheless not safe from harm.
- Locks: Clearly, your entry system is the one area of your home; you don’t want to be compromised. Unfortunately, Bluetooth is vulnerable to hacking. You should think very carefully about which type of smart lock to install and don’t update your locks unless you’re comfortable with the idea in principle. The last thing you need is to feel at risk if a regular lock and key works well for you. Spend your budget elsewhere in your home instead.
- Routers: We doubled down in depth on routers, but they can be hacked to steal data.
- Smart Speakers: Alexa and Google Assistant are ubiquitous in smart homes the world over. Their always-on nature exposes them to more risks than the average device, though. The security risk here is more down to data collection with details of your music and TV habits along with any conversations being collected. You need to think about your attitude toward this data mining before committing to purchase
- Smart TVs: Again, it’s data that can be used to ill intent with smart TVs. A hacker could also perhaps display inappropriately, which could be embarrassing or downright distasteful if you’ve got young kids at home
- Thermostats: While there’s no acute security risk with smart thermostats, hackers are generally malevolent. Much like common street vandals, there’s often nothing but malice behind their efforts. Using the source code of the log-in page, hackers could potentially raise or lower the temperature in your smart home dramatically
- Vacuum Cleaners: Robotic vacuum cleaners save you a great deal of time and effort. If hacked, though, sensitive information about the floor plan of your home could be revealed
- Washing Machines: Smartening up your washing machine is a slick move. Bear in mind, though. Hackers could exploit connectivity glitches or weak points in the mobile app to gain control of the appliances in your home
A connected home is great but make sure you’ve got a secure connected home.
Next week, we’ll be rolling out more of the latest smart home news along with a glimpse at some of the most innovative products to add to your arsenal. Bookmark our blog, follow us on social media and come back soon!