Lately, I’ve been amazed at how quickly the Internet of Things (IoT) has become a part of my life. Everything from speakers to a Crock-Pot (yes, a Crock-Pot) has been connected to my home wireless network at some point. As much as I enjoy all the conveniences that these devices provide me, I always consider the security implications prior to purchasing an Internet-connected device. It’s worthwhile to weigh the convenience of installing new Internet-connected equipment vs. the privacy issues that can occur if the device is compromised.
There have already been a variety of security issues stemming from the widespread adoption of IoT devices. Last fall, a website published links to over 73,000 unsecured camera throughout the world. These cameras monitored everything from shopping malls to people’s bedrooms. Without implementing proper controls around IoT devices, we will continue to see similar issues arise.
I don’t intend for this blog to scare people away from purchasing IoT devices. In fact, I will provide you with a few simple changes you can make to your IoT configurations that will reduce the privacy issues that can occur by installing an IoT system. These changes won’t necessarily diminish the conveniences you can gain by buying an Internet-connected thermostat or installing the latest IoT security camera. However, they will significantly reduce the risk associated with installing an IoT system.
A few recommendations for your new gadget:
- Change the default password – A majority of the aforementioned cameras were compromised because the owners did not change the system’s default password. By simply setting the password to something that will be difficult for an attacker to guess, you can reduce the risk of someone compromising your device.
- Segment – Try to isolate your IoT devices from the rest of your home network. It is very possible that an attacker would use an IoT system as an entry-point to gain access to other systems.
- Check for software updates – Make a routine to check for software/firmware updates for all of your IoT devices. These updates will often contain a security patch that can protect your system from being exploited.
- Do not expose the device directly to the Internet – There shouldn’t be a need to expose an IoT device directly to the Internet. This will provide an attacker a much larger surface to attempt to exploit your device. If the system requires that configuration, it is worthwhile to consider another option.