Let’s talk about a newly coined term called the Internet of Things (IoT) or how I like to refer to the technology – the Internet of Trouble. I’ve recently attended a security conference where IoT was a pretty hot topic. It seems that everyone is wanting to automate their lives, including yours truly.
What can possibly go wrong when we bring these automated things into our homes and attach them to our network?
Sure, there are profound benefits to having home automation. Everything from security cameras, wifi enabled doorbells with built-in cameras, automated door locks, remotely controlled lighting, and even smart appliances such as network enabled washers, dryers and refrigerators.
Unfortunately, many of the manufacturers which create these products do not design them with security in mind. Often times security is “bolted on” at the end of the product development cycle, if at all. Digging deeper into these technologies, you will find outdated and un-patched Operating Systems from 10 years ago, along with no upgrade path for future patching.
A lot of times the unsuspecting consumer is not even aware of the security implications that these devices bring to the table. Anywhere from invading ones privacy, to being used to mount attacks against other systems and networks.
So how can we protect ourselves?
A good start is changing the default user and password combo on these devices. Many manufacturers don’t even care if this is changed or not. Only a few devices force the user to set complex usernames and passwords during the setup process.
Checking for the latest and greatest firmware version is another good step to take. Again, not all manufacturers keep their products updated from an OS level. This is where it pays off to only buy products from well known and respected companies.
I’ve had friends brag to me that they were able to purchase a $40 IP Camera off of eBay that picks up audio and offers remote control capabilities. If that wasn’t bad enough, they then place these type of cameras in their private living space such a bedrooms and living-rooms. Anyone with half-way decent tech skills can locate these cameras and spy on you without your knowledge.
In a future post I am going to get into some additional technical controls we can put in place on our network, to restrict these devices even further.
But for now, please remember – you often get what you pay for when it comes to security. If you go cheap – don’t be surprised if you are compromised!