InfoSec Blog - Smart homes Need Smart Security

IOT

February 23, 2018

With the launch of Google Home and Amazon Echo in Canada last year, you may have just added another IoT device to your IoT home portfolio. So, what is IoT?

IoT stands for Internet of Things, which is a catchphrase referring to commonplace devices and appliances - such as thermostats, TVs, refrigerators, door locks, lights, security cameras, parking meters, and automobiles - that are always connected to the Internet. It also includes Internet-connected "wearable" devices, such as fitness bands. IoT devices have been entering our daily lives with rapid speed in recent years. According to Gartner, there will be 8.4 billion connected "things" in 2017, and an estimated 20.4 billion IoT devices by 2020. 

Along with the fast-growing number of IoT devices entering into our home, privacy and online security of these devices has become one of the top concerns for IT security professionals.  In 2016, the infamous Mirai botnet successfully infected over 600,000 vulnerable IoT devices and used them in DDOS attacks to cripple several high-profile online services, such us OVH and Dyn.  So, what we can do to secure your IoT devices at home so that they won’t be weaponized by cybercriminals?

IoT devices share the same Wi-Fi network with our computers, laptops, tablets, and mobile phones at home. As a result, you should be dealt with security vulnerabilities in the same manner as your other computing devices. 

  • The top security issue on IoT devices is them being deployed using the default configuration and passwords. Always change the default passwords on these devices as soon as you get them. As well, you should only enable remote login after a strong password is set. 
  • IoT devices are exposed to software flaws just like any other computing system. IoT manufacturers do not usually consider mechanisms for validating updates due to the cost. To eliminate software exploitation via updates, users should only use applications and services provided through trusted channels, such as directly from the vendor.
  • Create two Wi-Fi networks at home if home router supports that functionality. One network is used for your online banking activity, email, and Internet Surfing. Then create another network used just for IoT devices. The network segregation can prevent eavesdropping and impersonation attacks if your IoT devices are exploited.
  • Configure firewall rules on your home router to reduce the possible attack surface on your home network and limit the potential for exploit.

There are many resources available online to help you with the important task of securing your IoT devices. If you are unsure how to proceed, ask for help!

 

Written by: Hanna Guan (Cyber Security Analyst, Information Security)