As someone who has spent over a decade in the IoT security space, I have seen many attacks and vulnerabilities affect the IoT devices in my life. Yet I don’t shy away from smart home devices. You shouldn’t have to either, if you take steps to secure them.
From smart thermostats to baby monitors, the devices in your home make life more convenient for you, but they also can expose you and your personal information to unwanted cyberattacks. Attacks range from downright creepy, like reports of hackers using baby monitors to spy on families, to financially risky, like the possibility of attackers stealing your personal information — credit card details, birth date, and even social security number — to life-threatening, like when medical devices or smart cars are compromised. Simply put, your personal information is vulnerable if it is being transmitted or stored on an IoT device without encryption. Does that mean you should avoid these devices entirely? Not necessarily.
It’s a catch-22. You want the benefits of smart technology. But you also want the assurance that your device is safe and secure. So who is responsible for securing these devices?
Consumers should have the right to assume when they purchase an IoT device that it is safe and secure, ensured by laws and regulations. However, currently, there are almost no laws regulating IoT device security. Because manufacturers are not under pressure from governments to incorporate security in the development of IoT devices, a lot of responsibility is left in your hands as the end-user to make your devices safer.
Regardless of what regulators or manufacturers are doing, consumers need to be more aware and take some responsibility to secure their IoT devices. Here are a few things you can do now to secure your smart devices:
1. Research before you purchase
Do some research before selecting a device to determine what the common vulnerabilities are, what kind of data is collected and how that is protected and shared. Read the privacy policy and see how much control you have of your data and how it is used. Avoid purchasing products with security concerns; prioritize privacy over price. If every consumer did this, manufacturers would have no choice but to make security a priority!
2. Never use default passwords
Default passwords are passwords that come prebaked in the device from the manufacturer — sometimes even written in the user manual. Whenever default passwords are provided by the manufacturer, consumers need to change them and utilize good password practices. Even with strong security features, using default passwords can put your device and data at risk because it makes your device an easy target. Instead, opt for long, strong passwords and change your passwords about every six months. Use two- or multi-factor authentication where possible. You may also consider using a password manager and authentication app, which will make it much more difficult for the hacker to get into your network.
3. Update the software
Software updates help your device run the latest protection and security patches. Some devices offer automatic updates, but check whether you will need to update your devices manually. This is critical because as hackers evolve and find new vulnerabilities, software updates provide security patches. When updates come out from the manufacturer, make sure to install them to ensure you are running the most current software.
4. Check permissions
Turn off any settings that you don’t need, like remote access or location settings. Only allow permissions for settings that are necessary. And don’t automatically connect your device to the network unless you need to. Just because your device can connect to the internet doesn’t mean it should. Additionally, don’t connect your devices to suspicious or public networks; public Wi-Fi is not always safe.
5. Don’t forget about your phone
A lot of smart devices connect to apps, so don’t forget to protect your smartphone. If your phone is lost or stolen, you wouldn’t want anyone to be able to access your smart home through your apps.
6. Keep track of your devices
Know what is connected to your network. Every new device connected to your home network is a new vulnerability — and it only takes one vulnerable device to compromise the network. Only use what you need, and make sure to take old, outdated devices off of the network. But make sure when you get rid of old devices to reset them to factory settings so the next user cannot access your data or network.
7. Bonus: Separate networks
If you're feeling ambitious and have the technical expertise to do this, you could create a separate, secure network for your IoT devices. For additional security, you can keep your smart fridge on a different network from the laptop that holds your sensitive information.
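For tip 6, one way to check what is connected is to compare the router's DHCP lease list against an inventory you keep yourself. The sketch below is an added example, not part of the original article; it assumes the router exposes a dnsmasq-style lease file (expiry, MAC, IP, hostname, client ID per line), and every address and device name in it is constructed sample data.

```python
# Added example: reconcile DHCP leases against a hand-kept device inventory.
# All MACs, IPs and names below are constructed sample data.
SAMPLE_LEASES = """\
1735689600 a4:cf:12:00:00:01 192.168.1.20 thermostat *
1735689600 b8:27:eb:00:00:02 192.168.1.21 baby-monitor *
1735689600 3c:5a:b4:00:00:03 192.168.1.22 old-camera *
1735689600 da:a1:19:00:00:04 192.168.1.23 * *
1735689600 00:11:22:00:00:05 192.168.1.24 unknown-plug *
"""
INVENTORY = {  # assumption: a list you maintain yourself
    "a4:cf:12:00:00:01": {"name": "thermostat", "status": "active"},
    "b8:27:eb:00:00:02": {"name": "baby-monitor", "status": "active"},
    "3c:5a:b4:00:00:03": {"name": "old-camera", "status": "retired"},
}

def parse_leases(text):
    """Return (mac, ip, hostname) tuples from dnsmasq-style lease lines."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _expiry, mac, ip, hostname = fields[:4]
        leases.append((mac.lower(), ip, None if hostname == "*" else hostname))
    return leases

def is_randomized(mac):
    """True if the locally administered bit is set (private/random MAC)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(leases, inventory):
    """Flag devices missing from the inventory or marked retired but online."""
    report = {"unknown": [], "retired_still_connected": []}
    for mac, ip, hostname in leases:
        entry = inventory.get(mac)
        if entry is None:
            report["unknown"].append((mac, ip, hostname, is_randomized(mac)))
        elif entry["status"] == "retired":
            report["retired_still_connected"].append((mac, ip, entry["name"]))
    return report

if __name__ == "__main__":
    for kind, rows in audit(parse_leases(SAMPLE_LEASES), INVENTORY).items():
        for row in rows:
            print(kind, *row)
```

An unknown entry with a randomized MAC is often a phone or laptop using a private Wi-Fi address, so identify it by its IP address or hostname before adding it to the inventory.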
In the future, we hope manufacturers will act responsibly and build security in during the design stages of the device. More can and needs to be done by manufacturers to ensure the safety and security of their devices. In the meantime, following these steps can help secure the IoT devices you're bringing into your home or personal spaces. You wouldn’t leave your front door unlocked, so don’t leave your home vulnerable to attacks.
Even the U.S. Federal Bureau of Investigation (FBI) recommends securing your IoT devices: "unsecured devices can allow hackers a path into your router, giving the bad guy access to everything else on your home network that you thought was secure," the FBI Portland Office explains. And in the long run, these devices will become more and more common. By 2030, reports show there will be over 50 billion connected devices.
In sum, IoT devices can be very useful and benefit your lifestyle. However, they can also introduce risk. This doesn’t mean you shouldn’t use them, only that you should be smart in how you use them and do the right things to ensure the benefits outweigh the risk.