Security Risks of Smart Devices
We made a joke a while back about everything getting so smart that even water bottles will have smart features. The day has come that there ARE water bottles with smart features! Each device you connect to your network, though, opens you up just a little bit more to an attack. It might not even be an attack directly on you personally, but the attack could be part of a larger attack on a much larger target.
The phrase people use to describe smart devices is IoT, which stands for the Internet of Things. This means that even that little water bottle you are drinking out of is connected to the internet. It’s what happens when things get connected to the internet so you can do awesome things like freak your dog out by locking and unlocking the door from your phone, and using a video camera to view it’s reaction.
Last year there was a massive denial of service attack that brought down a good portion of the internet. Twitter, Netflix, Spotify, and PayPal were all affected by the attack. A denial of service attack sends an insane amount of traffic and commands to a particular server, basically overloading it, and causing it to fail. To get to the level of requests necessary to bring down those types of websites and services is astronomical. The attack was successful though because of it’s use of hundreds of thousands of IoT devices throughout the world.
Now that you are sufficiently frightened about the SkyNet just waiting to become self aware in your home or office, there are ways you can make these devices more secure, or at least protect your information from a compromised IoT device.
Put it on another network – Often your wifi router will allow you to create a guest network, or it will have multiple signals you can use to separate your network into 2, one for your IoT devices, and one for your computers smart phones and tablets. Usually the IoT devices doesn’t need to be connected to your exact network to function properly, it only needs access to the internet. Putting the device on a completely different network than the rest of the devices will protect your data from a compromised device.
Use a different password – As we mentioned in a previous blog post, you should never repeat passwords for different services. If someone gets a hold of your password for one service or device, it’s a good chance they will try that password (or slight variations of it) with other more important services you utilize.
Stay up to date – Make sure the firmware on your IoT device AND your wifi router is always up to date. Most software and firmware releases are patching security holes that have been found since the last update. One thing that happens when a patch is released is the malicious folks are given a free listing of exactly how to compromise that particular device. They will use that in their next attack and will be successful on all the devices that have not been patched yet.
Watch your connected devices – When looking at your router, you will be able to see exactly what devices are connected to your network. You can lock down specific devices that might be more of a security risk than others. It can be hard to determine what devices are what using the router’s interface. Your managed IT support provider can help you pinpoint exactly what devices are connected and who they belong to.
We know it’s fun to freak your dog out with your smart lock, just make sure YOU are being smart about how much access you are giving these devices, and you should be just fine!
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelors of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology related fields. Some of these fields include document management software/hardware, enterprise level networking and VoIP phone systems, as well as large scale software implementation projects and the setup of small business networks.