Internet of Things, News

IoT Expert Lyle Hauser Explains How to Protect Your Smart Devices from Cyber-Attacks

how-to-protect-smart-devices

This sounds simple, but apparently, it is not: When it comes to securing devices that are part of the Internet of Things (IoT), my No. 1 piece of advice is this: Don’t make it easy for the bad guys.

What I’m talking about here, first and foremost, is that you should solidify your passwords. Again, doesn’t sound like such a big deal, but it is. While there are other steps you can take to thwart cybercriminals — steps we will discuss presently — that is a big one: Erect the first line of defense against these ne’er-do-wells.

That means being creative when you purchase some new gadget. It means setting up a password other than “password” or “1234567.” Be creative, for goodness sake. Use symbols and upper- and lower-case letters. Make it different than your other devices. Doing anything less invites trouble.

Here’s a stat worth keeping in mind: The average IoT device is attacked once every two minutes.

Here’s another: By 2025, it is predicted that there will be 75 billion connected devices in the world.

The point is that the cybercriminals, who are already aggressive, aren’t going away any time soon. Not with that many potential targets available to them. They’re only going to grow bolder, more resourceful, more plentiful.

While there is no doubt that the Internet of Things has added a great deal of convenience to our lives, it has also added a great deal of vulnerability. As cybersecurity expert Michael Gazeley told the South China Morning Post in September 2018:

Most IoT devices … are a hacker’s dream … each smart device is potentially another way into your home – to access your data, abscond with your money and steal your identity.

Some examples of havoc that has been (or could have been) wreaked, as compiled by iotforall.com:

  • 2013 — Trendnet, a company that produces webcams, is found by the U.S. Federal Trade Commission to have transmitted login credentials to those devices over the Internet from at least 2010, and in January 2012 hackers post live online feeds from nearly 700 of the company’s cameras.
  • 2015 — Researchers find that they are able to take advantage of a firmware glitch to remotely control a Jeep SUV courtesy of a cellular network. They accelerate and decelerate the vehicle and even steer it off the road.
  • 2016 — The quintessential botnet — i.e., an attack on several small devices that enables hackers to aggregate enough processing power to launch an even bigger assault — is the Mirai Botnet, which shuts down such sites as Spotify, Netflix and PayPal for a time.
  • 2017 — Could a hacker kill someone? That possibility is raised when CNN reports of vulnerabilities in St. Jude Medical’s implantable cardiac devices, which might have afforded hackers the opportunity to tinker with a patient’s pacemaker or defibrillator, with potentially dire results. Happily officials developed a software patch to address the problem, and no one was harmed.

On any given day, a cybercriminal could invade your home courtesy of your smart speaker (Alexa, Sonos, AirPlay 2, Google Home, et al.), your smart TV, your WiFi router, your security camera, even your smart cat bowl.

Back in 2014 a study conducted by HP revealed that seven of the 10 IoT devices that had been examined had at least one soft spot that could be exploited by hackers, and that the devices had 250 vulnerabilities among them. They included things like hard-coded passwords, which cannot be changed by the consumer, lack of a secure boot (i.e., a device boots by software other than that which is trusted by the manufacturer) and allowing firmware updates that are not authenticated.

So we return to where we started — to passwords. As was shown in the HP study, some devices are produced that do not allow the customer to change the login information. Steer clear of such gadgets in favor of those whose default passwords can be updated — and then do it as quickly as possible, as the defaults can easily be found courtesy of an online search.

In addition, make sure to rename your router, as the company and model number are often identified in the default name, again giving cybercriminals vital clues as to how they might be able to invade your network.

Other steps include implementing two-step authentication, which adds an extra layer of security beyond the password (sometimes via cellphone code), strengthening the encryption of your WiFi router through means like WPA2 and auditing IoT devices, as more recent models sometimes offer greater security.

But it’s important to keep in mind that the most basic step can often be the most important one — that you need to be vigilant about your passwords.