Internet of Things: are you exposed?
In 2016, a massive online attack that targeted some of the world’s highest profile websites - including Twitter, Paypal and Spotify - used baby monitors, among other devices, to carry out the attack.
But how - you ask? Because so many devices we now use in our homes are connected to the internet. So many tools in our offices are connected, but we don’t see them as a risk. Is my air conditioner really going to freeze my network? Maybe not, but it can be used as part of a botnet to target other networks. If it’s not protected, then it can be exploited.
Any device that has internet connectivity can be compromised. So, how secure is your home? How secure is your business?
Everyday appliances and ‘smart’ devices that are connected to the internet are part of what is known as the Internet of Things (IoT) - a vast array of internetworked ‘things’ ranging from domestic appliances to buildings and vehicles.
According to reports from publications such as Smart Company, The Guardian and The New York Times, the 2016 distributed denial of service (DDOS) attack harnessed IoT devices such as web cameras, baby monitors, and digital video recorders to launch enough traffic to overwhelm the targeted websites.
Smart fridges, smart TVs, even smart kettles can be exploited and used against you or against someone else. Like the 2016 attack, these devices can be co-opted into a ‘botnet’ - a network of computers enlisted to deliver a DDOS attack without the knowledge of the owner - to bring down other networks. Your smart devices can also be hacked to use connected cameras to spy on families. Typically, the owner of the device has no way of knowing when it has been compromised. Unprotected devices can also provide a backdoor to your network, leaving your business or personal data exposed.
This is not the first time hacked smart appliances have been in the news. Concern about the lack of security for such devices is growing, with reports about the dangers of everyday items like smart fridges and kettles being hacked. Often these smart appliances are controlled by mobile phone applications and communicate through home or business wifi networks.
The types of internet-connected devices targeted for exploitation are generally unlikely to be protected by security software in the same way as personal computers, smartphones and tablets.
Attackers can use software to locate devices that are secured only by factory-set default usernames and passwords. These settings are typically not changed, or cannot be changed, by manufacturers or home users and are easy for attackers to identify, guess or break.
But there are steps you can take to reduce these risks.
Stay Smart Online recommends that you educate yourself about the security risks of purchasing, installing and using internet-connected devices.
Steps you can take include:
- Whenever possible, change any default passwords on the device to a secure and private password. If unsure, look up how to change the device settings on the manufacturer’s official website or contact their customer service centre. Learn how to create and remember strong passwords.
- Often devices collect a lot of information (usage patterns and house hold activity) and have cameras and microphones. Make sure you read the terms and conditions/operating instructions for the device and understand what happens to any collected data.
- Make sure your business’s wireless network is properly secured. Learn how to protect your network.
- Ensure your software updates are set to apply automatically on your device. Learn about updates.
- Follow all instructions when installing and configuring the settings for the device.
You should also continue to be vigilant about protecting these devices throughout their lifespan.