Have you started a sentence today with “Alexa,” “OK Google,” or “Siri”? If so, you may have put your home or business at risk. The Internet of Things (IoT) is exploding, but many people are still unaware of the risks introduced by smart devices. Read on to learn what the IoT security challenges are and how to defend against them.
This article contains:
First, the number of devices that fall into the Internet of Things category is growing rapidly. Smart device manufacturers are putting IoT sensors into cars, light bulbs, electric outlets, refrigerators, and many other appliances. These sensors connect the devices to the internet and allow them to communicate with other computer systems. It’s estimated that by 2022, there will be 50 billion consumer IoT devices worldwide.
IoT devices provide us with a broad new set of capabilities, but they also introduce many potential security vulnerabilities. Every smart device needs to be protected and maintained over time as new vulnerabilities are detected.
That leads us to the second problem. Many IoT devices don’t include security features. Perhaps the vendor was in too much of a hurry to get its new smart device into the market, or perhaps it was too challenging to develop a security interface. While the devices themselves have become more sophisticated, there’s often no underlying IoT security framework to protect them.
Third, even when IoT devices do include security features, people don’t always take the time to set them up properly and maintain them. People are eager to get a new smart speaker or other device going so they can play with it, and they figure they’ll get back to configuring security features later and considering how IoT affects their privacy. Except they never do — and that leaves the door wide open for IoT security breaches.
We all love the Jetsons-style idea of a futuristic, super sleek smart home. Wouldn’t it be both entertaining and useful to have a digitally-enabled home that knows to make coffee for us in the morning, thaw dinner during the day (or have it cooked when we get home), adjust the temperature and window coverings to save energy, and then warm up the bed for us? Certainly, we like to make our homes smarter and more efficient!
This is where IoT security risks enter the picture: All the information, intelligence, and intercommunication required for that level of automation can be leveraged by nefarious people who also want that information for their own purposes. Let’s take a look at some of the main threats to consumer IoT security.
In the past few years, smart devices have taken data collection to frightening new heights, making IoT privacy concerns one of the most pressing issues facing the industry. For example, some smart televisions were caught recording conversations while listening for commands.
Smart speakers are also under suspicion of possibly recording speech. More than once, police investigating crimes have tried to subpoena data from Google or Amazon when they thought a smart speaker might have recorded pertinent info. And some vendors have been forced to recall toys when it came out that a teddy bear or other gadget was recording children’s voices and sending data to the manufacturer.
Smart devices can collect all kinds of data on you, such as the layout of your house, your work schedule, your habits, and more. One study found that, out of 81 common IoT consumer devices, 72 sent data to third parties other than the original manufacturer.
That doesn’t mean you should turn off any connectivity functionality. IoT devices generally need at least some data access to perform the functions for which we buy them. However, you may have limited control over this data access, unless you shut it off.
Because Internet of Things devices don’t always have security features, it isn’t difficult for hackers to break into them. Just like PCs, Macs and mobile phones, IoT devices are viable targets for malware infections.
Some hackers have used malware to either turn IoT devices into “botnets” that send out more malware or contribute to distributed denial of service attacks. Other IoT malware simply freezes the device (called “bricking” it).
Since IoT is getting more and more popular, many hackers have begun developing high-level software specially designed to attack smart devices. Given the typically low levels of security as well as the wealth of personal information stored on IoT devices, it’s understandable why they’d be so attractive to cybercriminals.
The Nest security camera is a frequent target for hackers looking to hijack IoT devices. In one case, someone received a fake warning about ballistic missiles, and in another, a couple was threatened with the kidnapping of their baby. In a third incident, a voice came out of the camera, and the hacker took control of the thermostat as well, raising the household temperature to 90°F.
Some of these situations are the result of poor consumer security behavior. The owners didn’t use strong passwords, or they used passwords that they had used in other places. When hackers stole those passwords, they gained access to the IoT devices as well. And it’s not obvious when that happens. While your laptop or your smartphone applications might tell you that someone has started using them, IoT devices don’t always do that.
Some IoT devices do offer multi-factor authentication (which provides another layer of security), but owners may not be aware that their devices have it, or how to use it.
But there’s a bigger problem. The whole point of IoT is that these devices are all connected through the Internet. All hackers need is to gain access to one device, and from there, they may be able to break into every other connected device in the house. That’s why it’s important to secure your smart home, not just open a box and plug things in.
Avast Omni secures your home network and every IoT device you connect to it for complete smart home protection.
Once inside an Internet of Things device, or inside a network through an IoT device, hackers can collect data about the household and sell it.
You might think, “So what? How much value does my household behavior history have?” but the vulnerabilities are extensive. Some smart devices store passwords, credit card numbers, encryption keys, and other sensitive information as plain text, which makes it easy to read. A hacker could also collect data about a family’s comings and goings, then sell that to someone looking for information about possessions or when the home is left unguarded.
The same benefits that make IoT devices appealing to homes also make them attractive to businesses. But the same issues that make a home vulnerable to IoT security flaws apply to businesses. In fact, it can be worse, because the volume of data is likely to be bigger, and businesses are legally required to keep data – particularly customer data – secure.
However, businesses also are likely to neglect IoT security risks. In one case, hackers broke into the thermostat in a casino’s fish tank. Because the thermostat was connected through the internet, the hackers were able to access the casino’s database, where they collected up to 10 GB of data.
Healthcare and manufacturing are particularly at-risk from IoT hacking. Wearable IoT devices, such as insulin pumps, can have especially dire consequences if hacked. IoT security is a serious concern in the healthcare field because of data privacy requirements, as wHow to protect your IoT devicesell as the possible consequences of a hack – with lives at stake. Meanwhile, many manufacturers are increasingly incorporating smart sensors and other programmable controller devices into their facilities, and these may lack sufficient security protection.
Now that you have an idea of how vulnerable Internet of Things devices can be, what should you do about it?
Think carefully about which devices need to be connected, and when. Do your smart speakers need to be turned on when you’re gone or asleep? Does your smart Keurig coffee maker need to be on once you’ve had your coffee? Do smart sensors at work need to be on when the machinery isn’t running and workers have gone home? Consider this whenever you’re adding a new IoT device. Don’t just automatically set it to be on all the time, figuring you’ll get back to it later.
Create a separate network just for IoT devices. If a hacker does manage to break in, the separate system would limit the hacker’s access. In particular, make sure the router on that network is secure by choosing a strong password, updating the firmware and software regularly, and closing ports that are common vectors for transmission.
Use strong, unique passwords for IoT devices, just as you should on your computers, smartphones, accounts, and applications. And if you’re having trouble remembering all those different passwords, try using a password manager. You should especially make sure to change the default passwords that come with your devices. Hackers know what these are and routinely check to see if they’re still active. If any of your IoT devices support multi-factor authentication, enable that, too.
Check IoT devices regularly for security updates. Do they have firmware upgrades, perhaps to address a vulnerability? Has their software been updated? Do they now support passwords, multi-factor authentication, or other security features that you can now take advantage of?
Use an anti-malware program that specifically protects IoT devices, such as Avast Omni. It’s a single security system that covers every device in your smart home — a convenient solution when it comes to IoT security and the ways forward.
So what about the future of IoT? Three things are clear:
Consumers and businesses will have increasing numbers of Internet of Things devices that can communicate with each other. Those IoT devices extend beyond the home and business to your car and other motor vehicles — and eventually, smart cities.
Hackers will increasingly target vulnerabilities in IoT devices. Smart cities are coming, and with them, large-scale opportunities for hackers to intervene in traffic systems, power plants, hospitals, or whichever other fields incorporate IoT without proper security.
Eventually, the IoT industry will realize that it has to do a better job of protecting its users. More vendors will add security features, either incorporated into the devices themselves or through aftermarket hardware and software.
You can be ahead of the curve. You don’t need to wait for the Internet of Things marketplace to catch up.
Be proactive by making sure you understand the security vulnerabilities in your IoT devices. Learn how to protect yourself by creating strong passwords and using software like Avast Omni to detect and clear malware on IoT devices. Avast Omni utilizes machine learning and AI to provide high-speed smart home protection that secures all your devices.