Who’s using IOT? That’s right, you are
Here’s how to stay safe.
The Internet of things (IOT) mega-trend can seem very space age and futuristic, a bit like hoverboards or Jetsons-style robo-butlers. It’s often mentioned in the context of brain-befuddling trends such as cloud computing, big data and analytics, and artificial intelligence. And when you dig into what it is – machines talking to other machines via the Internet – it seems quite distant from our daily lives.
But the reality is that most of us have some form of IOT device in our homes today, from smart TVs and speakers, security cameras and home automation devices to gaming consoles. Almost by stealth, something that seems very out there and a long way away is actually right next to us, right now. And along with the incredible usefulness and entertainment value of these devices comes a range of security concerns that you should know about, and protect yourself from if necessary.
There have already been a number of security incidents involving smart devices, from hackers accessing security cameras and harassing people, to kids’ smart watches that allow anyone to see the child’s location and personal information, to the CallStranger vulnerability that allows hackers to steal data, scan networks and launch distributed denial of service (DDOS) attacks via popular home and corporate IOT devices.
What you can do to protect yourself
1. Do your research
Before bringing any device into your home, do your research using independent third-party resources such as the dedicated IOT site run by IT security organisation AV-TEST. This means that at the very least you will be aware of the threats that exist, and at most, you may decide to avoid that device. But, more than likely, you’ll land somewhere in between: doing what you can to manage the threat according to your specific situation.
2. Be wary of zero security incidents
Any legitimate IT company is transparent about its security incidents and rapidly tells users what it has done to repair any damage and stop the threat. Security vulnerabilities are inevitable, so it is reassuring to see that a company is serious about patching them quickly.
Take a look at Cisco’s or Microsoft’s security advisory pages for good examples. A company that doesn’t do this either doesn’t know about its security issues and attacks, or is not being transparent about them, neither of which bodes well for the safety of the IOT device you are bringing into your home.
3. Ensure the device’s firmware is up to date
Not all IOT devices allow you to update their firmware, and without updates you cannot patch known vulnerabilities as they are discovered. If the device does not allow updates, you should consider whether you want it in your home and connected to your network. And if the firmware can be updated, you should, just as with any other IT service, keep it up to date. Advanced users might want to replace the factory-installed firmware in devices like Sonoff smart switches due to concerns about these home automation devices transferring unencrypted data back to servers in China.
4. Disable universal plug and play (UPnP)
As I mentioned in my guide to boosting your home WiFi performance, UPnP is incredibly useful, but it’s often just not viable in the real world, where you can’t be sure all the devices connecting to your network are secure and safe. For instance, the CallStranger vulnerability mentioned above operates via a UPnP callback. To add insult to injury, depending on your router, UPnP might take a while to patch, or it might not even be possible to patch. The best option is to disable UPnP on your WiFi router. This doesn’t mean you won’t be able to use these smart IOT devices, but you might have to spend a bit of time setting up manual exceptions, port forwards or NAT (network address translation) rules. You can Google how to do this. For instance, here and here are instructions on how to set up a static IP address for your Xbox One, and so avoid activating UPnP.
5. Strong passwords and multi-factor authentication
As ever, updated, strong passwords are your first line of defence, with multi-factor authentication adding a double-lock to your security. Also, with shared IOT devices, it’s better to set up unique profiles for every user, rather than sharing a common set of usernames and passwords.
It is not the tech itself that is scary; it’s our lack of understanding of the new that can make it dangerous. And we each need to establish our own threat tolerance based on our individual circumstances and requirements. A very practical example of this is that we might be comfortable adding more devices to our network in the shape of IP-enabled security cameras in order to boost our physical safety. But, at the same time, we should install and set up the Internet-connected cameras in a way that ensures cyber safety.
And you don’t need to become a systems administrator to do this: basic knowledge and some research can help you make an informed choice, and basic security measures can keep you safe.
Finally, these security vulnerabilities seldom start out with malicious intent by the manufacturers. Very often, it is down to something that is overlooked in the race to get a new and exciting product to market, and then criminals take advantage of that vulnerability. Of course manufacturers have an obligation to ship products that are as safe as possible, but for those of us who are early adopters of new technology, this is always something we need to consider, especially as the pace of innovation increases.
Synapsys is the award-winning distributor of Acronis cyber protection solutions and services in Africa. Founded in 1997, it became one of the world’s first Acronis distributors in 2003. Today it is 100% focussed on supporting managed service providers who sell Acronis cyber protection solutions and services to their customers, helping them to maximise the benefits of this pioneering technology and way of working. Data protection and backup can no longer be considered apart from cybersecurity and Acronis’s complete, innovative cyber protection service offers full digital business protection and keeps organisations #cyberfit.
Find out more at synapsys.co.za
Acronis sets the standard for cyber protection and hybrid cloud storage through its innovative backup, anti-ransomware, disaster recovery, storage, and enterprise file sync and share solutions. Enhanced by its artificial intelligence-based ransomware defense, blockchain-based authentication, and unique hybrid-cloud architecture, Acronis protects all data in any environment, including physical, virtual, cloud, mobile workloads, and applications. Founded in Singapore in 2003, today the company is trusted by more than 5 million consumers and 500 000 businesses worldwide, including 79 of the top 100 most valuable brands.