The Internet of Things (IoT) is one of the greatest revolutions currently happening in the world of tech, allowing everything from cameras to thermostats to buildings to even toilets and toothbrushes to send and receive data. In doing so, it’s possible to make previously “dumb” tools and infrastructure smart.
But as much as regular, law-abiding users are excited about what IoT devices have to offer, so too are cyber attackers who see another possible vector for causing chaos. IoT devices could be hacked to steal personal, sensitive data or to harness as part of giant “botnets” of hacked devices for launching massive Distributed Denial of Service (DDoS) attacks of unparalleled size.
From proper use of cyber security solutions to extra precautions you may not have considered, here are four ways to secure IoT devices against cyber attacks.
#1. Change passwords and default router settings
When you set up a new account on a website you hopefully utilize a strong password, consisting of a combination of upper and lower-case letters, numbers, and maybe a symbol or two for good measure. Hopefully you also don’t recycle this password across every platform you use, so that a data breach of your pasta delivery box company (as an example) won’t also allow said attacker to break into your bank account and steal your life savings. But do you show similar precautions when it comes to IoT devices? Quite possibly not.
Many users will never change the default passwords and security settings of their devices. That’s particularly problematic because many devices will recycle the same passwords and usernames. For instance, one recent study suggested that only five sets of passwords could be used to let intruders gain access to one in 10 connected IoT devices — ranging from DVRs to routers to washing machines. Those username and password combinations? Admin/admin, admin/0000, support/support, user/user, and root/12345. And while you’re changing passwords, don’t recycle the same one across all your devices, either.
#2. Patch and update firmware
Like the password scenario described above, you may have double standards when it comes to updating firmware on your devices. Update your iPhone and you might get the latest flashy feature from Apple, giving your smartphone new emojis, an AR viewer, or an overhauled set of apps with fresh icons and user interface. On the other hand, updating your smart fridge or smart lights probably comes with less of the big, attention-grabbing new features. It may even seem lower priority since many assume that an attacker is far more likely to want to gain access to your phone, home to much of your private data, than they are to be able to remote control your thermostat.
However, that ignores the fact that it’s probably far easier to hack your smart lights than it is to hack your phone. Security for IoT devices can be notoriously lax, and hackers are well aware of this. To address security flaws, reliable IoT device makers will push out security updates when they become aware of potential vulnerabilities that could be exploited. But just like every security update, users have to make sure they install in order for it to work.
#3. Do not use Universal Plug and Play
Universal Plug and Play or UPnP is designed to make your life with IoT devices simpler. UPnP is intended to make it simpler for network devices to discover one another without having to carry out a whole lot of extra configuration. It means that whatever device you get can easily attach to a network and configure port access on your router.
The problem is that this same innovation also makes it easier for hackers to find your IoT devices as well. UPnP was one of the chief culprits in the Mirai cyber attack, which harnessed a massive botnet of IoT devices such as security cameras and routers, and used them to launch DDoS attacks on targets. There is often a conflict and tradeoff between security and ease-of-use. In the case of UPnP, you’re probably better off switching it off.
#4. Invest in the right cyber security solutions
Some solutions to the IoT security problem you can handle yourself. In other cases, it’s worth bringing in the experts. Luckily the right cyber security tools are available. Tools like Web Application Firewalls (WAFs) and DDoS protection can help safeguard against threats, as can API security, Runtime Application Self-Protection (RASP), Endpoint Protection Platforms (EPP), and more. If these are unfamiliar technologies to you, you should do your utmost to ensure that changes. Employing the right cyber security measures can be a game-changer when it comes to IoT defense.
Ultimately, the Internet of Things has a whole lot to offer. But it’s essential that you take the right steps to mitigate the threats, while still enjoying everything positive that IoT has to bring to the table. Your smart home will be all the smarter for good security.