Many of us are casual about IoT device security and don’t really lose sleep over it. After all, if it doesn’t affect us personally, how worse can it get? The biggest ever IoT-related security episode was the Dyn botnet attack which effectively shut down entire websites including Twitter, Amazon and Spotify.
However, it barely made a blip as the news channels that day were busy covering the 2016 U.S. presidential election. Rather than being concerned about the implications of such a serious breach, a more typical response was, “Twitter down? OK, I’ll stop using it.”
That kind of attitude towards IoT security remains just as strong today. The obvious solution to any IoT vulnerability among many people, including myself, is to shut down the problem device. Yet, such an indifferent approach may not work forever. It is important to become proactive and follow the right tips below to be absolutely sure.
1. Know Your Device Vulnerabilities
Your device can have weak entry points, and would-be intruders will use these exploits to gain network access. Clearly, a threat assessment can help you plug the holes in your network defense. For example, if you have a Wi-Fi smart door lock, tech-savvy burglars are likely to keep a tab on when you arrive home. Smart speakers often record private conversations in the background.
Furthermore, consumer appliances such as refrigerators and televisions often operate from apps which aren’t exactly exploit-free. Smart cars have in-vehicle systems which also store information about brakes, tire pressures and fuel levels.
After knowing exactly where an intruder is likely to strike, simply follow the next steps below to remove those threats.
2. Configure Securely
We all are eager and excited to start using a device immediately after opening the package. Spending five minutes to ensure a proper configuration can save lots of trouble afterwards. Many devices are shipped with default passwords such as “1234” or “0000” or don’t require any passwords at all. Changing the default passwords (don’t forget to write them down) to alphanumeric and special characters is always a good habit.
Many consumer IoT devices suffer from another vulnerability: the passwords are sent in clear text from the device to the cloud. With a compromised router, this might make those devices vulnerable to spoofing, DNS hijacks and brute force attacks. The next step, therefore, becomes all the more important to solve these problems.
3. Seal Your Routers/Internet Gateways
The weakest point of an IoT network is the router or internet gateway which facilitates the communication between devices. You can check online at F-Secure’s page if your router is going to face problems in the future. All routers have a firmware requirement to be updated. So, if you have a very old router, talk to your ISP and change it immediately. After that, do the following.
- Update your MAC addresses: Currently, all routers talk to internet devices through MAC addresses which are random numbers (34:45:12:22:18). As the number of IoT devices increases in the household, you might want to change them into names that you can remember. “Fridge,” “TV1,” “Doorlock,” and “Doorbell” are but a few examples.
- Invest in a smart home network security system: You should be able to keep track of all network-enabled devices in your home network. Solutions such as Avira Safethings allow you to monitor all your connected devices from one console. Google’s Nest Secure and Wink Lookout are a few other similar solutions.
4. Ensure Hardware Secure Modules (HSM) in Device
Obviously, for security assurance, you must deploy the best hardware in the network. Hardware Security Modules (HSM) are the latest technology used by IoT device makers to add an extra layer of security. It is done using a method called “key injections” in which each silicon chip is given its unique identity. This would protect your device from cloning, spoofing and other hardware attacks. Google offers an HSM service on its cloud network.
Many people are complacent that their security networks are penetration-proof. They have a lax approach to IoT device security. If you thought your smart devices weren’t vulnerable to hackers, think again. Whether or not you like it, smart devices are here to stay and would be rather omnipresent. It’s just a matter of time before the right reason drags you, kicking and screaming, into the IoT future. For all of us then, there is a real need to be concerned about the security of IoT devices.
What is your approach to IoT security? Please let us know in the comments.