Happy Halloween – the Internet of Things security nightmare is upon us – and it is scary!
The Internet of Things (IoT) is a dream come true, but its security aspects are truly a big scary nightmare. The possibility of being able to control everything remotely is such an exciting prospect. Who would not like to have their refrigerator automatically order refills when they are almost out of milk? How convenient it is to be able to monitor your home when you are away on vacation! People are now able to adjust their home air conditioning or heating to switch on just as they leave work, to arrive to a home at the perfect temperature.
Over the next few years, the industry of connected devices is estimated to be worth over $6 trillion. Unfortunately, IoT device manufacturers do not always put the highest priority on security while developing their products. This means that it is relatively easy for hackers to be able to break into a connected or smart home. Recently, this was demonstrated on an episode of the TV show “Madam Secretary”, where the secretary of state, who is one of the most well protected individuals in the country, was herself not immune from an IoT hack. In this episode, the hacker was able to switch lights and the TV on and off, leaving the family to feel like they were an unwilling part of a horror movie. Similarly, at Halloween now and in the years to come, it is more than likely that the “trick” in the “trick-or-treat” could easily be a hack into your home for the “treat” of getting a ransom-like reward. It’s much worse than having an egg smashed on your door.
What can be done about this?
Since this issue of the Internet of Things security nightmare has been front and center a lot recently, large companies have already been taking action to secure their devices better. Car manufacturers are also taking steps to fix known vulnerabilities in their smart cars. Smartphones keep getting security patches available regularly, again to fix known issues. Microsoft has introduced multiple actions to secure devices, one of the most recent ones being their introduction of a Security Program for Azure IoT, which is one of their popular suites for connected devices.
There are also standards and guidance being provided for IoT manufacturers. The Cloud Security Alliance (CSA) has provided guidance for the secure implementation of IoT-based systems as traditional enterprise security systems may not have the capability to secure IoT devices due to the difference in platforms, high mobility, and other privacy concerns. The National Telecommunications and Information Administration is also planning to formulate new policies in this area. These standards and policies will help manufacturers in providing consistent levels of security for their devices.
Consumers can also follow specific precautions that can help them address the Internet of Things security nightmare:
- Even today, many consumer Wi-Fi networks are not even password-protected. It’s important for consumers to speak with their internet service providers to ensure that they secure their Wi-Fi routers.
- Apply security patches released by manufacturers, operating systems and smartphone companies.
- Always change the default password that comes with the device. If there is no default password, set one immediately. If possible, change the user id as well to something non-standard, e.g. If possible, do not keep the user id as Admin or Administrator.
- For IoT devices that are at home or at the same venue as your computers and your data, connecting devices to a separate Wi-Fi network may increase your security and privacy.
Earlier this month, the Online Trust Alliance (OTA) released a Consumer IoT Security and Privacy checklist that contains steps consumers can take to increase the security of their homes and connected devices.
It is fitting that Halloween is celebrated on October 31, the last day of National Cybersecurity Awareness month, indicating to us that the Internet of Things security nightmare is real, cyber attacks can be scary and cyber security awareness is required all year round. Read more about how businesses and individuals can protect themselves from hackers, on our blog at https://24by7security.com/blog-2/
Happy Halloween – Stay Safe and Cyber Safe!
By Rema Deo.