How to set up an IoT gift for security
It’s that time of year again, when kids and adults alike will soon be unwrapping presents and playing with new toys. But if you receive an Internet of Things (IoT) device as a gift, you may want to pay extra attention to the cybersecurity ramifications of adding it to your home network.
Unfortunately, many Internet-enabled home appliances and toys have been found to have serious security weaknesses — weaknesses which malicious actors could exploit.
These can range from the mildly annoying, for example, in the case of “smart” things which get infected with malware designed to mine cryptocurrency, all the way to the severe, with hackers using insecure IoT devices as a way to access computers connected to the same network.
There are, however, some steps you can take when you set up your new smart device so that you can avoid these problems:
Do a reputation check
It’s worth searching for your gift by model name and number in order to see if there have been any security issues with the device (or manufacturer) in the past. If the company seems to be new, or unfamiliar, it may not have much of a reputation for security one way or the other, but a quick search can often reveal red flags and let you know to be especially cautious as you proceed.
Change the defaults
If the gift comes with default credentials, change these immediately. One of the biggest security issues with IoT devices is that many manufacturers ship them with default usernames and passwords — and consumers fail to change these, making them easy prey for hackers. So if your username is “Admin” and your password is “Password”, change these right away!
Check for updates
Before connecting your gift to the Internet, visit the manufacturer’s site to see if updates are provided regularly. If they aren’t, or if you can’t find any mention of updates and patches at all, this could be a bad sign, and is a good reason to reconsider adding your new smart thing to your network. Malicious actors routinely find security vulnerabilities on even the most well-engineered pieces of technology, and competent companies should know to patch these as they arise. If the device does come with software or firmware updates, see if there’s any way to make these automatic. If that’s not possible, try to sign up for company security alerts so you’ll know when to do a manual update.
Secure the network
One way to mitigate some of the issues caused by IoT devices on home networks is to make sure that the network itself is very secure! Follow best practices for home network security: Use a strong encryption standard, change the network name so that it doesn’t offer any hints about your identity or the brand of router you use, and protect the network itself with a strong, unique password.
Another possible way to lower the risk of using Internet of Things devices in your home is to set up a separate WiFi network just for these devices, separate from the network that your main devices are on. This way, if one of your smart devices is compromised, it will be harder for an attacker to get at your computers and mobile devices than it would be if everything was on the same network. This can be done by using two routers, or by setting up virtual networks (VLANs) on your main router.
Wait for HomeKit
Users of Apple HomeKit may not have to wait much longer for a native solution to many of the problems caused by IoT devices: Apple has recently introduced software support for HomeKit enabled routers. While the hardware is still in the works, eventually HomeKit users will have fine-grained control over which devices on their network can communicate with (and be discovered by) the outside world, and which can’t. The first routers with compatible firmware will likely start shipping in 2020, meaning that reliable IoT security might just be a matter of waiting a month or two to connect your new device.
Dumb it down
While smart devices can be neat, and sometimes useful, giving something an Internet connection is frequently more of a marketing gimmick than a genuinely useful feature. So if you’re not too sure about the security of your new smart thing, ask yourself if you can still enjoy it as an old-fashioned appliance, and if so, just forgo connecting it to the network. If you’ve received an IoT coffee maker, for example, you may get just as much use out of it by simply walking downstairs and starting a fresh pot yourself than if you were to do the same thing using the app.
Get rid of it!
If you’ve done some research and it looks like your particular smart gift may turn out to be a liability, seriously consider returning it or exchanging it for something else. Your IoT nanny cam that never receives updates and has a default password you can’t change probably shouldn’t be on your network. As the saying goes, it’s the thought that counts — and you wouldn’t want to open yourself up to cybersecurity issues just to be polite. So return that insecure device for store credit and get the blender you’ve been wanting instead!
If you take these steps, you should be able to enjoy your new smart gift safely (or, worst case, get a free blender out of the deal).