IoT: How to secure your smart home against attacks
As more smart devices enter the market, consumers must be wary of IoT hacking. With homes becoming smarter and more connected, how do we decrease the threat?
So you’ve flung open the front door and welcomed the Internet of Things into your home. Alexa is perched atop your kitchen counter, your washing machine is linked to an app on your smartphone which also controls your surveillance and your thermostat beams data to some unknown server in some unknown location. Congratulations, you have a smart home.
It’s undeniable that the potential for absolute interconnectivity between all of your IoT devices is a good thing. They’re more efficient, they learn from each other and they work in perfect harmony: well, most of the time. Your daily tasks are made easier because of it but unfortunately, your security might not be.
As IoT ecosystems become more prominent in our homes, so too does the chance of hacking. The existence of multiple entry points and flimsy security could leave you open to attacks. As we move towards a more connected world, where reports suggest that spending on IoT will total $745 billion this year, many of the once-analogue devices we have in our homes are now part of that growing digital network. Some of those devices, with their inferior security systems, almost hang up a sign inviting hackers in.
How do attacks on our IoT devices work?
Just last year, McAfee exposed a vital flaw in Belkin’s Wemo switch. It may sound trivial, hacking a smart plug. You might think that the worst thing that the hackers could do is switch off your television. However, the smart plug’s connection to a WiFi network allows for device hopping. That innocuous-looking smart plug in your wall then becomes a gateway to your doors, your surveillance, and then your computer.
McAfee’s hack illustrated that by carrying out relatively simple attacks they were able to access a Smart TV on the same network, in just a few steps.
“Using the Wemo as a middleman, the attacker can power the TV on and off, install or uninstall applications, and access arbitrary online content. Smart TVs are just one example of using the Wemo to attack another device,” the report claims.
It goes on to say that once the attacker has gained a foothold, “any machine connected to the network is at risk.”
The security in some of these smart devices is often overlooked, as they are mostly used for simple automation. But if that smart plug is installed in a business office, where the records of millions of customers are present, then the threat of entry is even more serious.
Recently, “hacktivists” breached the databases of an IoT management company, Orvibo. They managed to gain entry to 2 billion logs containing everything from user passwords and email addresses to precise geolocations and scheduling information.
What can we do to eliminate the threat on our IoT networks?
There are three simple steps we can all take to ensure that our vulnerabilities are mitigated or removed entirely.
Research: With governments now eager to step in and regulate IoT security, there is hope that the security of future devices’ will be labelled. For now, however, one of the first things to do when shopping for a smart device is to make sure you choose the safest on the market. Eliminate the threat of attack at source by picking one with no safety flaws, good reviews, and various levels of security. A quick search will soon tell you what you need to know about the device you plan to buy.
Update: Keep your device up-to-date and install any firmware or hardware patches to continuously improve your devices. If any security flaws are found, any company worth their salt will quickly patch the issue, removing the threat as soon as possible.
Secure: To add extra levels of security to your IoT network, use complex passwords, change default usernames and enable multi-factor authentication (MFA). Also, creating a separate network for your IoT devices, especially in a business environment, will keep things even more secure. Using tried and trusted device access management systems and comprehensive security systems will also greatly diminish any problems you might face at the hands of hackers.