The relentless goose step of technology over the past decades has lead to the eventual invasion of the microchip into almost every product in the first world. This has left many astute observers asking what unintended consequences we might be overlooking. As the IoT (Internet of Things) becomes more prevalent, security has taken a back seat to progress. We should be mindful of where this trend may lead.
Smart Devices Everywhere!
In a relatively short period of time, there has been an explosion of IoT devices entering the consumer facing marketplace. They have increasingly entered homes and infiltrated our daily lives. Techopedia defines these “Smart Devices” as electronic gadgets which are able to connect, share and interact with their user(s) and other smart devices. While interactive speakers such as Google’s Home or Amazon’s Echo come to mind, smart devices have a far wider reach. To complement these popular AI personalities, we are now seeing smart light switches, wall outlets, security cameras, and televisions. There are even smart ovens, refrigerators, toys, light bulbs, window blinds, scales, watches, wallets, and key rings – to name a few!
There is something inherently creepy about inviting an artificial personality into your home (I’m sorry, Dave). However, the real danger of these technologies comes as a consequence of how many of them were rushed to market. Manufacturers, seeing more profit from a quick entry had left any consideration for security in the waste bin throughout device development. As a result, the IoT has been left wide open to attack with virtually no barrier to entry. Once an attacker gains one foothold in a network, it is easy to pivot from there and grab control of everything connected to it. This includes every smart device and computer therein.
A House of Unlocked Doors
Is your smart coffee machine having problems? It could be because these connected brewers open up a non-encrypted hotspot every time you turn them on, making them easily compromised by hackers. Remember the KRACK vulnerability we wrote about nearly a year ago? Many printer manufacturers, including big names like HP and Brother, have since decided to do nothing to patch the vulnerability. This lack of response leaves most printers in the wild today wide open to attack. Most IoT devices are even further down the priority list. Manufacturers rarely see any economic benefit in patching them, or in building security into them from the beginning.
It is largely because of these lax standards that attackers have been specifically targeting IoT with their botnet attacks at an alarming rate. By infecting a few vulnerable devices across millions of homes, black hat hackers are able to amass multiple supercomputers worth of combined processing potential from the comfort of their homes. All of this power can then be utilized to unleash attacks, or to amass wealth from mining cryptocurrency at their victims’ combined expense (in the form of higher electricity bills). Researchers have noted that our power grid could actually be taken down by hackers taking control of “smart” appliances, that’s scary.
What Can Be Done?
At Appletree MediaWorks, we always take a proactive approach to information security – our clients depend on it. Given the state of devices on the market today, we recommend doing some research before purchasing any new smart device. It only takes a minute to search “Device Model” vulnerabilities in Google, but it could save a lot of pain down the road. Furthermore, as companies begin taking security seriously, it will pay dividends to support the responsible ones with your purchasing power.
Already have a bunch of devices? There are still several steps you can take:
- Create a separate network for IoT devices
Many new Wi-Fi routers support guest networks. Set this up with a different password from the one you connect your computers to. Then make sure your IoT devices only connect to the guest network. This step will help to isolate your data from some of the worst security holes. - Disable UPnP
If your devices support Universal Plug and Play, disable it. This is a convenient feature for easily connecting to networks, but it is also highly insecure. Not worth the risk. - Keep firmware up to date
Even though manufacturers aren’t always quick enough in reacting to threats, it is still good to keep your devices current. This gives you the best possible chance against emerging threats. Make sure that updating device firmware is part of your regular routine. - Use good passwords
Furthermore, every device on your network should have a unique password. This will limit the damage in case an attacker does manage to get in. - Don’t connect anything you don’t need connected
Okay, so the new fridge can send you text alerts when you run out of eggs. But do you need text alerts like this? Do you mind someone in Russia also knowing that you’re out of eggs? What if they decide to turn on your oven while you’re away at work? - Turn off Bluetooth when not in use
This prevents other nearby bluetooth devices from pairing with yours and stealing data. It also has the added benefit of preserving battery life.