An oven that makes sure dinner’s hot by the time you get home. A fridge that reminds you that you’re out of milk. A doorbell that lets you check who’s at the door from your phone. The IoT has the potential to make our lives easier and more efficient than ever before. But what do we give up when we use these devices, and are they worth the cost?
What is the Internet of Things?
IoT, or the internet of Things, is an internet formed not between human users, but between interconnected devices that share data with each other. The term is often used to label any home device that connects to the internet but isn’t usually expected to do so (sorry, smartphones, tablets, laptops and PCs).
Once you embed a processor and a load of IoT sensors into a “dumb” tool or appliance, there are few limits to what it can do.
The concept of the IoT has been around for a while. In the 1980s, researchers at Carnegie Mellon had an internet-connected soda machine that they could check with online to see if it had any drinks available before visiting it. However, interest in IoT devices has exploded given our access to smaller and more powerful processors and the opportunity to integrate them into our lives with smartphone apps.
Examples of IoT devices
- A refrigerator that can order certain foods when you’re running low;
- A baby monitor you can watch from work;
- An oven that you can set to preheat from your smartphone on your way home;
- A thermostat you can control to cool your home as you head home after a hot summer day;
- A pacemaker that can send your biometric data to your doctor.
These are just a fraction of the functions inventors have tried to implement as part of the IoT craze. Industrial and governmental devices connected to the internet can also be considered part of the IoT, depending on who you ask – things like water treatment facilities, manufacturing equipment, or even remote-controlled mining equipment.
Since the IoT industry is in its infancy (relatively speaking), manufacturers are still trying to figure out what people actually need IoT devices for. Not all of them will necessarily be useful, but almost all of them have the potential to become cybersecurity risks.
IoT cybersecurity risks
Right now, IoT devices are a perfect storm of cybersecurity vulnerability. Here’s why:
- Most manufacturers are ignoring the security side of the equation. In a rush to get IoT devices into the market, security takes a backseat compared to functionality and appearance.
- IoT security is difficult to implement. Even if manufacturers aren’t in a big hurry, security can be hard to get right on IoT devices. That’s because of the technical limitations of what they’re working with. Programming the device itself is very different from programming the program’s UI, and all of this usually has to work on a potentially proprietary and low-powered platform. That means limited computing power for any sort of encryption, decryption, or other rudimentary security-oriented processes.
- Many IoT devices are shipped with default logins. Instead of giving each device a unique username and password, it’s much easier to give them default passwords and logins. Think admin//admin123. If a device even comes with instructions on how to change the password, most users probably don’t follow them. That makes it very easy for hackers to log into them – as long as they can find them. Which brings me to my next point…
- There is a search engine for IoT devices. Shodan is a search engine that lets you search the world for IoT devices. You can search by technical parameters or with simple terms like “webcam,” but both will return thousands of devices for you to browse. If it’s connected to the internet, there’s a good chance that Shodan can find it. From there, a hacker who’s done even a tiny bit of research can log in with very little effort. If they’re a determined attacker, then even somewhat secured devices may not be safe.
- IoT devices are excellent malware hosts. Because their security is so weak, IoT devices can often be used to host and run rudimentary malware. They’re tremendously useful in DDoS attacks (click here to learn more about them), which require swarms of devices running simple bots to swamp their targets.
Even if your IoT device is totally secure, which it probably isn’t, there’s another huge risk it might expose you to – privacy violations. These devices are already notorious for harvesting data for their manufacturers. This data is ostensibly only used to improve their devices, but few companies will be able to resist the price that detailed user data could fetch.
Privacy and security risks can also appear accidentally. Amazon’s Alexa device, for example, accidentally recorded a private conversation at home and sent it to another user – without the owner’s permission. With IoT devices at home, it’s easy to forget that your media system, refrigerator, or air conditioner could be listening to your every word or watching your every move.
How to secure your IoT devices
- RTFM and change your password. RTFM stands for “Read The Friendly Manual” (not sure I got that third word right…). If your IoT device manufacturer put at least a bit of effort into securing your device, you should be able to change the password from the factory default to something secure. Check out our guide to creating a secure password, and then have at it! Make sure the password for each device is different, too. This is a small and easy change that can make a big difference, so don’t skip it.
- Ask yourself: “Do I really need to access this device remotely?” If you love the features offered by the IoT, a healthy dose of skepticism might be just what the doctor ordered. It can be hard to consider what sort of impact an IoT device might have on your life, but realizing that you’ll be fine with a WiFi-less oven is a guarantee that it’ll never be hacked!
- Create an offline WiFi LAN. If you’ve got an extra router, and if your devices can operate on a LAN, this can be a great choice for staying secure. Many people don’t realize that your router can operate without connecting to the internet. You can use it to create a local network that your home devices connect to along with the smartphone or computer you want to use to control them. Some devices can even support simultaneous connections to two WiFi networks with a bit of configuration.
- Keep your devices updated. Not all manufacturers are as dedicated to their IoT devices as they should be, but if they offer updates, it would be wrong not to take them. Updates can often fix critical security vulnerabilities, and there can be a lot of those when it comes to IoT devices!
- Get NordVPN for your router. Some routers are powerful enough to support the powerful encryption that NordVPN uses to secure its users. If yours does (check our list of router tutorials here), then NordVPN will allow outbound connections while blocking incoming ones. Your devices will still be able to send you data, but no incoming communication with them will be possible. This may be inconvenient if you want to control them remotely, but the encryption will block hackers, too.
Click here to get NordVPN!