With the advent of Internet of Things (IoT) devices and smart gadgets, the internet has become a moreubiquitous, ever-present force in our lives. It beams through the air into our phones, televisions, thermostats, doorbells, security cameras, and even our refrigerators. Almost any device you can imagine either has a “smart” version, or likely will someday soon. While these devices provide endless convenience in our lives, they are not without their own pitfalls. With that in mind, it’s important now more than ever to learn how to secure your devices and how to keep hackers out of your home.
How Can Hackers Exploit IoT Devices?
If you picture your home internet network like a castle, then your computer and possibly your phone represent doorways into that fortress. Most of us have routers and firewalls which act as a sort of drawbridge or gate, defending those doorways from ne’er-do-wells that would invite themselves in for who-knows-what malicious purpose. But if our computers and phones are well-guarded entrances into our network fortress, then IoT devices can be gaping holes in the wall.
There are a number of reasons for this, like outdated components and software, or a complete lack of security built into the devices. As IoT devices become more commonplace, manufacturers are beginning to see the importance of making security a priority, but some are slow to catch up. Whatever the reason, it’s important to know how IoT devices might be exploited so that you can protect yourself.
Without proper protection, a hacker might be able to use your IoT devices to:
Gain access to your network and information on your computers.
So many aspects of our lives rely on and exist in computers now. Whether it’s banking information, credit cards, or pictures of your vacation, your computer holds all sorts of important personal data. Most home networks are relatively safe, but it’s possible that an IoT device can open doors for hackers if precautions are not taken.
Gather personal information from you.
Aside from the kinds of data mentioned above, a hacker with access to your network might be able to gather other personal details about you using various devices. Compromised cameras and microphones can help cybercriminals pick up all kinds of information, like the layout and contents of your home and insights into your daily routine.
But hackers don’t necessarily need eyes and ears in your house to do this. By looking at preprogrammed thermostat settings, someone could reasonably infer when you are and aren’t likely to be home. Nest thermostats even have infrared sensors that look for activity and adjust temperature settings when they sense that no one is home.
Gain access to your house physically (if you have smart home locks).
While most of the risks associated with IoT devices are strictly cyber, there are instances where your home could be compromised. Specifically, if you outfit your front door with a type of smart lock, hacking it could mean hacking your home.
Use your device for other cybercrimes.
A single smart fridge doesn’t have a lot of computing power by itself, but put it together with several thousand and you have the makings of something potentially dangerous. A “botnet” refers to a network of hijacked devices strung together with code whose collective processing power can be used for malicious purposes. Because IoT devices often are unsecure, they are often the target of such nefarious plots. In 2016, hackers used a variety of unsuspecting IoT and smart home devices to perform what is called a Distributed Denial of Service (DDoS) attack.
Harass you and your family.
Not long ago, a string of hacking incidents involving Ring security cameras made the news. In several homes across the country, cybercriminals were able to take control of the cameras, look into homes, and even use the two-way microphones to scare unsuspecting people.
How to Secure Your IoT Devices
If you feel like all of this information is intimidating, that’s understandable. However, there’s no need to start frantically unplugging your devices! Awareness is half the battle, and now that we’ve learned about some of the risks, we can look at reasonable precautions you can take to prevent these things from happening.
Put up a firewall.
Firewalls offer an extra line of defense (like a castle wall) between your IoT devices and the internet. After they are installed, your devices can connect to the firewall before reaching out to the internet, which creates an added layer of protection and fills in any underlying security gaps.
Change default passwords and settings.
Many devices come with default user names and passwords. It is absolutely essential that you change this. Hackers can easily reference the model online and the default login information is the first thing they’ll try. The user manual should provide instructions on how this can be changed.
This is also true for your router and modem. If you’ve ever looked at a list of WiFi networks, you’ve probably seen dozens with names like “Linksys” and “Netgear”. These are default router names and hackers often use them to learn its make and model, which can be used to break into it. Like your other devices, it is critical that you change these.
Use two-factor authentication whenever possible.
In the earlier example where the Ring cameras were hacked, none of the people involved had two-factor authentication (2FA) enabled. If they had, it is very likely that they would have been safe. In addition to a strong password, 2FA requires an added piece of information to log on. This can be a fingerprint, a face scan, a special PIN, or even an app that generates time-sensitive codes.
Don’t connect the device to the internet if you don’t have to.
While most devices require the internet to function, this isn’t always the case. For example, you might buy an appliance that only connects to the internet as a passive, secondary function. In situations like that, you might find that it’s better to simply take it offline altogether.
With that in mind, it’s also important to know exactly what it is your device does. For example, you might not need that camera on your smart TV all the time, or maybe you don’t need the IR sensor on your thermostat. Turning off features you don’t need can help limit what a hacker has access to in the event of an intrusion.
Finally, be sure you’re aware of all the ways your device can connect to the internet and disable the ones you don’t need. For example, if your device is hooked up with an ethernet cable, it probably doesn’t need to have WiFi activated. Turning this off closes off potential paths of entry for hackers.
Create a guest network for your IoT devices.
Many routers allow you to create a separate guest wireless network. Creating one of these for your IoT devices ensures that if someone does try to use them to break into your network, they won’t have access to your computer or other important systems.
Keep all of your devices up to date.
IoT devices, and electronics in general, are typically sold with outdated software that needs to be updated. Updates give manufacturers the ability to patch previous security issues that could be used to exploit them and gain access to your home network. When setting up your new IoT device, check for updates before doing anything else with them.
Use a VPN.
A Virtual Private Network (VPN) is a service that routes your network connection through an encrypted “tunnel”, adding another layer of protection to it. Because many IoT Devices lack data encryption, a VPN can be a powerful tool to compensate.