Protecting devices from the internet of unsecure things
Feb. 5, 2018
Column by Eric Payne,
SRC Technologies Senior Security Architect
Internet of unsecure things is infringing on our devices
Be vigilant with connectivity to protect privacy and avoid becoming down and (I)oUT.
GREEN BAY, Wis. — Every January, the digerati gather in Las Vegas at the Consumer Electronics Show (CES) to see, hear and touch the latest and greatest in technology. This year, one of the biggest stories to come from the confab is that everything is connected. Beyond simple smartphones and smartwatches, the new internet of things, or IoT, has expanded to include smart homes and smart workplaces.
Some of the innovative trends in IoT include smart voice controls (think Alexa) and smart device interfaces (think Roomba), connected health devices and connected cars. As usual, where there is excitement and everyone is fired up, there is bound to be smoke and mirrors. Unfortunately, cybercriminals are taking advantage of the murky smoke and mirrors surrounding the IoT and turning it into the IoUT – the internet of unsecure things.
The good news is that manufacturers and software companies are aware of the perils of unattended, connected devices that can fall prey to cybercriminals. Last month’s CES event featured seminars under the banner of “Deploying IoT Platforms – What You Need to Know” and “IoT and the Connected Consumer,” which included topics such as trends, innovations and, more important for consumers, privacy.
One of the greatest concerns is that the same ability to reach internet-connected devices in the home or office locally or remotely via Wi-Fi can also make them susceptible to hacking. Devices that have been compromised include baby monitors, air conditioners and automobiles. In fact, IoT device search engines exist that have cataloged the existence of connected devices all around the world. If these devices are unsecured — for example, if they only use the default out-of-the-box administrator password — you may be able to connect to them. If the device is a connected Wi-Fi camera — for example, a nanny cam — the privacy damages can be immense.
Don’t despair! Here are some specific steps you can take to keep your home and business secure while enjoying everything the internet of things has to offer in the way of connected devices for fun and productivity:
Change default passwords
One of the easiest ways for even the most casual of hackers to gain access to a Wi-Fi router or other connected device is to Google the default administrator password for the device and attempt to log into it. To avoid this, make sure to change the default user, if possible, and the password. Our company provided insight into how to pick strong passwords in a recent blog post here with a few suggestions to follow.
When in doubt, disconnect
If the device in question doesn’t need to be connected to the internet — for example, a baby monitor that you are watching from another location in the same home or a Wi-Fi-connected printer that is already connected to your router — turn additional connectivity features off and don’t connect those devices to your wireless network. As previously noted, IoT device search engines exist that have compiled lists of connected devices by type. By disconnecting potentially vulnerable and unnecessarily connected devices, you can ensure privacy.
Learn about your new devices
It’s exciting to take advantage of the connected devices that you purchase, but be aware that these devices are designed to be easy to use, which usually means they may also be more easily compromised. Take time to review your device documentation, search the internet to see what device vulnerabilities may exist and take steps to secure the device, including using strong passwords that you change frequently.
Turn the tables on hackers
You may have vulnerabilities in your Wi-Fi network that you are not even aware exist. To make sure that you know each and every connected device on your home or office network, use a Wi-Fi scanning tool. One that I like is the Kaspersky IoT Scanner, which is available as an Android app. It can scan any network to which you are permitted to connect, allowing for discovery of what other devices at home or in the office are connected to the internet. It also highlights potential vulnerabilities, such as open internet ports that you may need to secure.
Connected devices offer a wide range of useful capabilities that extend your play and productivity. Just be sure they also extend your privacy when you are using them at home or in the office.
Eric Payne is a senior security architect with SRC Technologies in Green Bay, Wisconsin. He has nearly 20 years of experience working with companies on cybersecurity and data-protection technology that includes Microsoft, VMware and Kaspersky.
About SRC: SRC Technologies is located in Green Bay, Wisconsin. With 20 technology professionals, SRC provides consulting and management to midmarket companies for their IT infrastructure and data-security needs. This enables IT to enhance business performance.
For more information, visit srctechnologies.com.