Internet of Things

August 19, 2020

iot imageWhat is the Internet of Things?

From toasters to washing machines, everyday consumer items are having chips inserted into them so they can connect to the web to collect and communicate data as part of the Internet of Things.

The term Internet of Things (IoT) encompasses everything connected to the Internet, but it is increasingly being used to define objects that "talk" to each other. Have you ever heard the term, “Smart device” - smartphones, smart cars, smart thermostats, smart doorbells, smart refrigerator - the list goes on and on. The IoT are those types of “smart” devices that are nonstandard computing devices that connect to a network and have the ability to transmit data.

While many of us have come to rely on these “smart” devices for added efficiency and convenience, they can be entry points for cybercriminals to violate your security, data, and privacy. It’s important for all of us to take steps to protect our digital life by securing our IoT-connect devices. Here are ways to do that.

Set a New Password on IoT Devices

Cybercriminals probably already know the default passwords that come with many IoT products. That makes it easy for them to access your IoT devices and, potentially, the information on them. Routers and connected cameras are the main source of IoT attacks because manufacturers' default configuration leaves them open to compromise, so it’s especially important to secure them.
  • One of the first things you should do when setting up a new IoT device is to change the password. It should be strong, long and unique to that device. For added security, make sure to change your router’s name. Give it an unusual name not associated with you or your street address. You don’t want your router name to give away any personal identifiers.
  • Most devices also now offer Multi-Factor Authentication (MFA), like sending one-time codes to your cell phone which are then required to log in. If MFA is an option, use it!

Disable Features You May Not Need

IoT devices come with a variety of services and features that are often enabled by default.

  • Review all the options when setting up your new device, and think about which ones you need and turn the rest off. Do you really want your smart TV telling the manufacturer what you are watching? Does your fridge really need to be connected to the Internet to remind you to purchase milk? Do you want copies of your doorbell’s videos automatically saved to the Cloud? If you don’t need it, disable it!

Keep Software Up to Date

When a manufacturer sends you a software update, don’t put off installing it. It might be a patch for a security vulnerability in one of their products.

  • Even a brand new gadget could have out-of-date software, so one of the first things you should do is check for updates. You can usually do that in its user interface or website; it might even be part of the setup process.
  • Keep your device updated by setting up automatic updates as the default, or manually update right away when your device notifies you.

Securely Connect your IoT Devices to the Campus Network

All personal IoT devices must meet minimum security standards before they are connected to the campus network.

  • If your department needs to purchase a new IoT device, work with Information Technology Services (ITS) and the campus Procurement Office to make sure that it meets all the campus security requirements. Also, have a clear understanding of who is responsible for keeping the device’s software up to date and secure.

Do Your Homework Before Buying

Now that you know what you should do to secure your IoT devices, look for those capabilities when picking new ones.

  • How easy is it to change the default password? If a device doesn't allow it, that is a definite red flag.
  • Does the manufacturer talk about security on their website?
  • Do any of the reviews talk about the security features?
  • What benefits do you get if you connect the device to the Internet? Do you ever plan to download custom wash cycles to your new washing machine? If not, do you really need to get the model with that feature?
  • Avoid devices with Peer-to-Peer (P2P) capabilities – these are particularly prone to vulnerabilities and are hard to secure.

It is estimated that by 2025, more than 21 billion IoT devices will be connected to the Internet. Being connected in this way can expose us as a target, not only to cyber attackers, but also to those who want to profit from our personal data that is being recorded, collected, analyzed, shared, and used. Proper management and security of our IoT devices will dramatically help and protect our data and privacy!

Resources

Videos

DHS Science and Technology Cyber Savvy – IoT

Security and the Internet of Things | #30SecTech by Norton

Links

Security in the Smart Home (ISACA, April 28, 2020)

Security Tip (ST17-001) - Securing the Internet of Things (Homeland Security, last revised November 14, 2019)

June SANS Ouch! Newsletter: Creating a Cyber Secure Home

Router Passwords is officially the most updated default router password repository on the internet. To find the default password of your router select the manufacturer from the drop-down and click the Find Password Button. https://www.routerpasswords.com/