If it has happened to PayPal, Target, Netflix, Spotify, and hundreds of other major corporations, it can happen to you. We’re talking about hackers breaking into highly secured systems of major corporations; of course, they are bigger fish than what cybercriminals will find or get off your smart home devices, but you are also easier pickings. Unless that is, you learn more about smart IoT devices in the home, security and privacy implications, and how to block invaders before they attack.
If You’re So Smart, Why Can’t You Stop the Bad Guys?
It seems to be an oxymoron that your smart devices can be outsmarted by nefarious humans out to do harm and profit from the innocence of your device. But remember, most smart devices have a one-track mind; that is, they are programmed to perform one or a set of specific instructions to complete a certain task. In this sense, they are not smart like computers trained to play chess (trivia note: 2005 was the last year that any human beat the top chess computer in the world…and it keeps getting smarter!) or perform complex analyses; those types of computers are programmed to self-improve through continued learning, while your smart IoT devices went through basic training and arrived at your home ready to serve, with no need to ever learn anything more (until an upgrade comes along).
Symantec, experts in the world of Internet security, recognized the new opportunities afforded to attackers with the swift popularity of smart IoT devices that quickly populated millions of homes. Their 2017 Internet Security Threat Report described the appearance of Mirai in 2016, which was “a botnet composed of IoT devices such as routers and security cameras” that resulted in the largest DDoS attack in history. Symantec also noted that attacks on IoT devices doubled in 2016; during peak periods, the average IoT device experienced an attack every two minutes. This is why the informed user needs to stay up to date with the latest smart home privacy concerns along with tips on how to best fend them off.
5 Known Smart IoT Device Threats
Attackers employ many different methods to pierce your home network and start exploring the personal and private details of your life. Here are five of the most common attacks you may encounter.
Data & Identity Theft
The wearable devices and smart appliances you are using are often targeted by the bad guys; they can harvest enough personal information to steal your identity and make fraudulent transactions.
One hijacked home IoT device is all it takes to infect the remaining connected devices; your smart thermostat can get hijacked and spill enough beans that the cyber intruder can lock and unlock doors at will and even change the PIN so you can’t get back in.
The attacker gets takes over communication between two systems (like your cloud and your home IoT devices) and transmits incorrect data that can disable the other system; turning on HVAC systems at full blast during a blizzard is a chilling example.
Distributed Denial of Service (DDoS)
A standard Denial of Service (DoS) is a disruption of service that makes machines and networks services unavailable to its users, either temporarily or permanently; with a Distributed Denial of Service, multiple sources are attacking, making it harder to block than a single source of attack (like getting all the air bubbles out of a waterbed).
Permanent Denial of Service (PDoS)
This is as bad as it can get; a targeted PDoS (also referred to as phlashing) attacks a home IoT device with such force that hardware ends up needing to be replaced or reinstalled (talk about a meltdown!)
As you can see, we’re not in Kansas anymore! But let’s see if we can get back there and address those IoT privacy concerns.
Keeping Your Guard Up – A Dozen Protective Measures
The favored and most-targeted device of attackers is your router. Once inside, they can see every other connected device; that is why quite a few of these tips help you better your shield your router.
1. Name Your Router
If your router came with your internet service, chances are its name is quite transparent. Manufacturers often use the make and/or model as the router name; attackers love such easy identification! When you name it, please do not use your name, address, or other personally identifiable information. Be creative: PurplePeopleEater or Queen_of_the_Nile is more appealing and memorable than Wfdsorlak12442X.
2. Encrypt Your Wi-Fi Network
For some unknown reason, your wi-fi is usually set up with the weakest encryption method possible. Find the strongest encryption method on hand (typically WPA2) and use that instead. This step adds yet another tough layer of protection attackers must penetrate; if they want in, don’t make it any easier than possible. Make them work for it and hope they walk away muttering in disgust.
3. Guest Network for Visitors
Anyone not a resident of your home does not need to be on your network; instead, offer them a secured but separate guest network. This is not to say that your friends, relatives, and neighbors are untrustworthy hackers (well, maybe a few, like Uncle Arnold); but securing all your home IoT devices only to have Uncle Arnold be the backdoor into your personal life because he doesn’t understand or practice device security on his phone is as bad as not securing your home.
4. Change Default Passwords
You may have noticed that many devices “save you the hassle” of setting up a user account by having a default username and password already installed so you can plug and play with no delay. Rest assured, any cyber thief worth his salt has a list of every device that delivers with default usernames and passwords. Did you get a device with a hardwired username and password that can’t be modified? Return it and find one you can protect.
5. Use Strong & Different Passwords
Since you are changing default passwords, only use entirely random passwords and different passwords for each and every device. Want some help coming up with impenetrable passwords that even the smartest chess computer could never figure out? Try Secure Password Generator, a free online tool and the bane of all cybercriminals.
6. Look for Other Default Settings
Sometimes it isn’t just usernames and passwords that have been set at the factory; privacy and security settings should always be checked before connecting a new home IoT device. Manufacturers are in the business of selling product, not protecting your home ambient computing system. Check each and every setting which can be changed and confirm that it is set as you desire, not as the manufacturer deems appropriate for your unique situation.
7. Kill Unused Bells & Whistles
If your IoT has extra features that you will never need or use, why have it turned on and needlessly cluttering the processor? For instance, remote access is a popular add on that most people never use; if that’s the case, disable it.
8. Always Install the Latest Updates
It may seem like a hassle to do updates, especially when it’s a minor fix. The real hassle is ignoring a crucial update and helplessly watching the invasion of your networks like fire ants at a picnic; it’s no picnic indeed.
9. Upgrade Out of Date Devices
In addition to the latest models offering more oomph and power, you will usually see the latest security measures installed in the equipment. Plus it’s fun to get the latest and greatest Ring Video Doorbell or Google Nest Hello Video Doorbell.
10. Double Up Security
You have probably run across two-factor authentication (2FA, if you’re hip), where you have to wait for a special one-time code to hit your phone before you can proceed further. if you find them annoying, don’t! One-time codes sent to your phone can’t be beat as the final step to gain entry into your private world. If the baddies hate it (and, man, they loathe it!), you gotta love it!
11. VPN It When On the Go
It’s neat to be able to manage your devices when you are out and about, but if you’re doing that management on public wi-fi, it’s actually not so neat; it’s really messy, like in ruining your life. If you get on public wi-fi, ALWAYS do so using a VPN. Highly recommended is NordVPN, which works Android, Windows, Mac, and iOS.
12. Bookmark (and Frequently Visit) HelpfulHome.com
Yes, the world of technology changes swiftly. That’s why we are here, with our finger on the rapidly beating pulse of everything connected to smart IoT devices, discussing security and privacy in IoT; one of many topic and issues you will find here. Smart IoT devices are helpful if used right; we too are helpful if you use us right. Using HelpfulHome.com right is as easy as bookmarking us, regularly visiting us, and contacting us whenever you have a question, comment, idea, or just want to say hi. For instance, we would love to hear your experiences or suggestions about smartly securing your home that have eased your smart home privacy concerns.