Securing your IoT home

The Internet of Things (IoT) continues to grow at a remarkable pace—with analysts predicting the global IoT market to be worth a staggering half a trillion dollars by 2021.

But experts have also noticed another IoT trend: dangerously lax security.

In this article, we’ll give you a little background to the security issues affecting the Internet of Things as well as a few simple steps you can take to make your home a safer place both today and in the years to come.

What is an IoT device?

Since we’re talking about the IoT at home (as opposed to in the workplace or other public venues), it’s enough to say that any “smart” device or appliance in your home that is connected to other devices over the Internet qualifies as an Internet of Things “thing”. In addition, the IoT also implies the collection and analysis of user data to enhance performance—a fact which has significant implications for privacy and security. 

The most common examples of IoT devices are probably virtual assistants like Amazon Alexa or Google Home, but a surprising number of other household appliances already have Internet-connected smart versions. From refrigerators that know when you’re running low on milk to baby monitors that can be remotely accessed from your iPhone, the list of IoT things is growing longer by the day.

Why would anyone hack a baby monitor?

One major challenge in making the IoT safer has been getting the general public to understand the potential security risks of having networked devices in their homes. And part of the problem is that the idea of hacking the fridge just seems a little…silly.

It’s pretty easy to imagine why bad actors would try to break into a computer network, but why would anyone want to hack a thermostat or a baby monitor? Then answers may surprise you.

Here are just a few of the possibilities:

• To create a million thing army
  Malicious actors have been able to infect large numbers of IoT devices with malware that causes them to send bogus connection requests to a website—overwhelming and crashing the targeted site. Called “botnets”, these armies of zombie devices have already been used by hackers to carry out crippling attacks against businesses and universities.

• To mine cryptocurrency
  Hackers are working on ways to leverage the distributed computing power of botnets to do more than just attack websites: IoT botnet cryptomining is also on the rise. Criminals have already managed to use the resources of a large number of compromised machines—including IoT devices—to mine the cryptocurrency Monero.

• Casing the joint 2.0
  Time was, a burglary ring would have to look for potential targets by driving suspiciously around a neighborhood, potentially attracting unwanted attention from residents or police. In the wrong hands, data from a hacked IoT device could be a valuable source of information about a household’s habits—like when the owners are most likely to be away. 

What can you do to protect yourself?

• Do a reality check
  Before networking a new device, ask yourself: Does my espresso machine really need to be connected to the Internet? Only you can decide which rewards justify the potential risks, but sometimes IoT security can be as simple as not connecting your smart device in the first place. So take a second to think things over and remember that you don’t have to connect absolutely everything to the Internet of Things!
  
• Change the Defaults
  Many IoT devices come with preset default passwords—and can be connected and used without changing them! This obviously makes it very easy for malware authors to create attacks that simply try known default passwords until they gain access to a device. So whenever you connect a new IoT device, change the factory default password immediately, and be sure to create strong, unique passwords for each device you use. 
  
• Keep things separated
  Consider the benefits of separating your IoT devices from the rest of your digital world. You may want to set up a special WiFi network that you only use for IoT things. Take the extra step of using a separate email address to register IoT devices, and don’t use it for anything else.
  
• Harden your network security
  Do everything you can to make your network difficult to attack. Don’t use the default router name, as this may reveal manufacturer or model information that an attacker could exploit. Instead, give your router a unique name that doesn’t disclose any identifying information. Use a strong encryption standard like WPA2, and as always, make sure your network passwords are as robust as possible. 
  
• Update that fridge!
  Reputable manufacturers are aware of the security risks to IoT things, and release firmware patches regularly. Some even build security software into their devices. If automatic updates and regular virus scans are available for your device, they should be enabled. If not, consider visiting the manufacturer’s website regularly to download firmware updates. 

The Internet of Things is here to stay, and is only going to become a more pervasive part of our lives. We hope manufacturers will become more conscious of security as the industry develops, but for the time being it’s important that anyone using IoT devices at home is aware of the potential risks—so that they can take steps to protect themselves.