Today’s entry is a discussion on securing your Internet of Things (IoT) devices. A colleague of mine shared a Check Point Software Technologies, Ltd.( @CheckPointSW ) , YouTube video. The video (posted below) illustrates a dangerous vulnerability they discovered in LG’s Smart Home system.
Quite informative, if you ask me. IoT devices are starting to permeate our daily lives. It has become mainstream to add internet connectivity to devices, appliances, and even automobiles in a effort to make our lives easier. Have you considered what you have in your home and business?
IoT Device Examples
In just a few short years, IoT is everyplace. What was once the domain of a devoted tinkerer, internet enabled devices of every kind are available. Here are some examples. Just looking around my house I realized that we have 15 IoT devices humming about!
- Cameras: Security Camera, WebCam, NannyCam, Video Recorders
- Home Security Systems
- Doorbells: internet remote enabled, embedded camera/speaker
- Doorlocks: remote control enabled, bluetooth capable
- Robotic Devices: vacuums, floor cleaners
- Kitchen Appliances: fridge, dishwasher, washer, dryer
- House hold automation: sprinkler controls, garage doors, water heaters, lights
- Entertainment systems: smart TVs, Home Theater systems, Blu-Ray players
Just search Amazon for “Internet of Things” and see what happens. Mind blowing! The amount of innovation going on in this area is amazing. Equally mind-blowing is the lack of a consistent cyber security discipline applied in the manufacturing of these devices. As noted by CheckPoint, once a hacker is in, they can leverage it to “see” into your private/business lives, take control your security systems, hijack the device into a bot-net, or use it to laterally infiltrate into other sensitive systems on your network. This puts your private information and intellectual property at risk.
Securing your IoT
CheckPoint gives three very simple and solid suggestions in the video above:
“1. Change the default password of your IoT device” Solid advice. But not all IoT devices have a means to change the default password. Cloud based devices could have a secure-key pre-installed that link that device to a specific online server. Advanced devices will negotiate a session key with the cloud based server when it is initially configured or use a trusted security service (aka Apple®’s Home Kit) to establish key-pairs between devices and servers.
Do your research before buying the device. Make sure you can change the password or that you have control over setting up the device’s connection to the Internet.
“2. Make sure all your appliances are up-to-date with the latest software version” Again solid advice. Very few manufacturers, though, will keep you IoT device up to date with the latest software. The more well-known the manufacturer is, the better support they are likely to offer. For example, EcoBee regularly updates its home thermostat firmware.
Do your research and buy the latest iteration of the device you are considering. All tech has an expected End-of-Life period when manufacturers will no longer support or update the software. Avoid being caught with an old device that you can’t update. Hackers will know its vulnerabilities and take advantage of it.
“3. Use a personal firewall for your home network” An absolute must for your home AND business network! A firewall is a device that will permit or deny internet traffic to and from you network. A basic firewall only permits traffic into your network when a device on your network requests it. It’s sorta like the doorman at a high-rise apartment complex:
Doorman: "Mr. Sienfield, there is a Mr. Costanza here for you." Sienfeld: "Ummm..No sorry. I didn't ask to see him today." Doorman: "Yes, Sir." [to George] "Sir, you are denied entry."
A firewall assists in preventing a hacker from entry to your network where they can use default passwords and vulnerabilities against you. A compromised device renders the firewall useless and gives the hacker unfettered access to your network! A well-managed, up-to-date firewall is an essential tool.
What do you do to secure your IoT devices? Share in the comments below and visit our DynamicCyber blog for more tips! Want a free Social Media security checklist? Click here to join our mailing list and receive your free download.