By the end of 2020 there will be over 20 billion IoT (Internet of Things) devices connected to the internet. The amount of data that passes from device to device, device to server, and device to cloud all carry known, but in most cases unknown, vulnerabilities.
In October of 2016, there was a massive DDoS (Distributed Denial of Service) attack that started on the east coast of the US and spread quickly affecting Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, and the PlayStation network. Beyond these high profile sites, it is likely that thousands of online retail operations were disrupted. The DDoS attack force included 50,000 to 100,000 internet of things (IoT) devices such as cameras and DVRs enslaved in the Mirai botnet, as well as an unknown number of other devices that are part of other botnets.
With today’s technology, we can order lunch, feed our pets, change the temperature in a room and even order Chinese takeout all from one device; our smartphones. All those conveniences have an inherent risk; they all send and receive data. As minor as it might seem to have your automatic pet food feeder go haywire and feed Fido at different times, imagine if a hacker was able to gain access to your thermostat. By simple analytics, they can figure out when we are home or away.
The explosion of IoT has left many open to exploits we have never thought of. We protect our credit cards, social security numbers, and even our driver’s license, and most non-IoT manufacturers make security a priority. However, most IoT devices are vulnerable because they:
- Have Weak, Guessable or Hard-Coded Passwords
- No Mechanism for updating your devices
- No system hardening, which gives a system various means of protection to make it more secure
When considering your IoT devices, consider the following questions:
- What are the privacy policies?
- Will the provider store your data or sell to it to a third party?
- How are updates enabled?
One of the best ways to make your IoT systems more secure is by making your Wi-Fi router more secure. When considering a router, cheaper isn’t always better. A fifty-dollar router will cost one hundred times that if your IoT devices are hacked.
Since your IoT devices most likely are connected to your home Wi-Fi router, here are some tips for your home router for better security:
- Give your router a unique name, but nothing that can be associated with you or your street address
- Use strong Encryption, such as WPA2, when you set up Wi-Fi network access
- Set up, (if needed) guest access, that will be separate from your IoT devices for visitors, friends and relatives
- Set up strong passwords for your network, utilizing phrases and special characters, and change them at least every 3 months
- Check your router status for firmware and security updates
- Avoid using public Wi-Fi when connecting to your IoT. If you have to manage those devices, use a VPN
IoT is here, and it is here to stay. We have stood back in awe of what we can do with IoT, and have only scratched the surface of IoT devices. Until the devices can be made smarter, e.g. relying less on cloud services and using more predictive analytics, we will always be vulnerable to the next outage or DDoS.
About The Author: Joe Johnston is a network technician for Alabama-based Integrated Solutions, a company that provides comprehensive IT and operational solutions to support business needs.