Convenient But Vulnerable: Why You Need to Take a Closer Look At Your IoT DevicesJuly 10, 2020
Emerging technologies, including smart devices, machine learning, and the advent of 5G networks are powering new efficiencies in the Internet of Things (IoT). Analysts expect the total number of installed IoT connected devices to explode, with one projection estimating more than 75 billion worldwide by 2025.1 With so many devices connecting to the Internet from both home and business networks, it’s important to pay attention to data security.
IoT devices often share the same networks used for our desktop computers and laptops. Traffic and data from devices like wearables, digital home assistants, and cameras, move freely and, in most cases, unencrypted over the network—and unfortunately their security vulnerabilities are well-known by hackers. Most IoT devices are connected 24/7 and have “significant bandwidth available, making them attractive targets for conscription into Distributed Denial of Service (DDoS) botnets.”2 Additionally, cybercriminals use these devices to enter enterprise or home networks, gather confidential data, and compromise privacy.
There are many known IoT device vulnerabilities, including unprotected network services and data transfer, lack of software updates or patches, and widespread use of insecure default settings. There is also an uptick in malware attacks on IoT devices that target devices running on old operating systems with known or guessable default passwords. For example, in June 2019, a 14-year-old hacker used the Silex malware to shut down more than 4,000 insecure IoT devices.3 Many security analysts believe these types of attacks against IoT devices will continue to evolve.
Many IoT devices lack the ability to update or patch software, leaving personally identifiable and sensitive data permanently at risk and exposed to cybercriminals. As it stands now, too few IoT devices have basic security measures in place, such as data encryption. Some wearable devices contain vulnerabilities that have allowed hackers to track a user’s location, listen in on conversations, and even communicate with the user.
As the number of connected IoT devices continues to grow, so will the amount of data they generate. Fortunately, there are a number of steps you can take to secure your IoT devices and protect your privacy. Below are seven ways to minimize risk when using IoT devices:
- Research devices before you buy. Learn everything you can about both the device and its manufacturer before you make your purchase. Read consumer reviews and be sure the manufacturer prioritizes security. Find out if the device is configured to download timely security updates.
- Don’t leave default passwords unchanged. When setting up your new device, change the default username and password immediately. Create a unique username and a long, complex password for the device. While you’re at it, change the preinstalled nickname of your home assistant to something only you and your family know.
- Update privacy and security settings and disable any features you won’t use. Before using your device, check and update all of the manufacturer settings and limit access to protect privacy. Experts recommend turning off universal plug and play features so that it’s more difficult for hackers to locate and connect to these devices.
- Keep device firmware or software up to date. Always download and install updated software when prompted to patch any known security threats. Turn on automatic updates. If you can install third-party apps on your device, only choose those from a trusted provider.
- Set up a secure router, and if possible, a separate network for your IoT devices. Smart appliances should not be on the same network as computers. Set up a different network on your existing router or use a second router for IoT devices only. Use a VPN for added security.
- Conduct an audit of all the IoT devices on your network. Remove any unknown devices and consider upgrading older devices to newer models with stronger security features.
- Stay informed. Pay attention to news stories about trending IoT attacks and new vulnerabilities. Take any actions recommended to beef up your IoT device security.
CyberScout®—We’ll take it from here.™
This content provided by CyberScout. CyberScout is leading the charge against hackers and thieves, providing identity management, credit monitoring and cyber security for more than 17.5 million households and 770,000 businesses. Barton Mutual is proud to partner with CyberScout for our commercial and family cyber insurance products.
1 Statista, “Forecast Market Size of the Global Smart Home Market from 2016 to 2022,” February 19, 2020
2 Security Magazine, “The Rise of the Internet of Things,” January 20, 2020
3 Threatpost, “Thousands of IoT Devices Bricked by Silex Malware,” June 27, 2019