Most law-abiding citizens look at a smart phone, refrigerator, or television and know exactly what purpose it serves – to make calls or manage daily tasks; to chill food; to provide entertainment. Fraudsters have a different take on things. They are constantly trying to get one step ahead of the “good guys” and hack into our lives through the Internet of Things (IoT).
What is the IoT?
All of our WiFi-enabled devices are considered part of this mass network that has come to be known as the Internet of Things, or IoT. It goes way beyond smart phones, tablets, and PCs. Have you ever checked to see if you had enough milk in your fridge through an app on your phone? Told Alexa to play your favorite Beatles tune? Wore a fitness tracker to pace your runs? Congratulations – you’re part of the IoT! Any type of “smart” device connected to the Internet is vulnerable to being compromised. It is estimated there are 6.4 billion devices actively in use, with this number expected to triple, and then some, by 2020.
What are fraudsters looking for?
The Internet has made our lives “virtually” public. If cyber criminals dig deep enough, they can find personal information, like credit card or bank account numbers, by targeting our devices. Connecting your account information to your fridge or your Echo makes life convenient if you need to place a grocery order or purchase something online, but it also gives way to fraud.
Although criminals are going after your data, they could also be monitoring your physical activity to plot burglaries, too. In 2015, hackers were found to access fitness tracker information to monitor users’ GPS history and observe where a person regularly runs/cycles, as well as the times they go to sleep.
Televisions, computers, and devices with cameras raise the concern of criminals being able to spy on people in their homes. Additionally, Artificial Intelligence (AI) like Alexa, Siri, or Cortana, are listening all the time for your request. Who else is listening?
Why is my IoT device under attack?
Many devices are not designed with serious protection capability, making them susceptible to attacks. When you purchase your WiFi-enabled crockpot or tea kettle, you don’t have much say in the software it runs on, whether it can be patched properly, or if it’s even secure at all. But, up until now, did you even realize it was much of a concern?
Some security experts maintain, along with energy efficiency ratings, appliances should have cyber security ratings too; however, a rating can change over time as vulnerabilities are found in the software and new hacking techniques are discovered. Most smart devices are only as secure as their last update to patch flaws that could potentially let hackers in.
Thanks to a bipartisan group of Senators, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017 was recently introduced. If approved, the bill would require manufacturers to ensure the device or appliance:
- is patchable
- does not include hard-coded passwords that can’t be changed
- is free of known security vulnerabilities
How can you reduce your IoT security risk?
- Change passwords regularly, don’t just stick with the default password provided by the manufacturer
- Create a special “guest” network for your devices, if your router allows it
- Turn off Universal Plug and Play (UPnP) on your router and your devices to minimize other unwanted gadgets from connecting to your network
- Keep up with firmware updates – if you don’t receive a notification, check manufacturer’s website regularly
- Use devices that can work outside of the cloud
- Eliminate unnecessary internet connections – if you only plan to watch broadcast television, no need to connect to the Internet
- Connect your device to your company’s secure network only if you have permission, otherwise you could be putting them at risk, too