IoT: Internet enabled devices still have security flaws
(IoT) The Internet of Things:
Everyday we see more and more IoT devices come on to the market. The Google Home and The Amazon Echo had a great year and a projection by the Forrester Report Forecast shows that by the year 2022 there will be close to 244,000,000 similar smart home devices in American households alone. That is a ton of new devices and many more potential vulnerabilities.
The cool factor:
IoT devices have many functions from the ability to find and play a Netflix show with your voice ( my daughter always hides the remotes) or find a recipe and read it to you as you're cooking. The cool factor and low price tag on most devices make it easy to accept into your home.
In a previous post I spoke about Wi-Fi connected children's toys which are also considered IoT devices. Security vulnerabilities exist in anything that is connected to the internet be it a computer, smartphone, smart home device, or even smart refrigerator. Once security is bypassed it can be controlled just as you would control it and while some devices have very little personal information or control functions Google and Amazon store a lot of personal search data, Consider a device that tracks your location, or a smart home device you can order a pizza from. I know I would be pretty upset if my door bell rang and a delivery person was standing there with 15 pizzas asking for payment or a $2,000 stereo system that was charged to my Paypal account and delivered elsewhere.
What can we do to stop it? Unfortunately, if you buy one of these devices it is up to the manufacturer to update there security protocols and push out software to fix the problem.
Assess your risk. Do you need a smart refrigerator? If you do can you password protect it? Or use 2-factor identification to confirm ordering groceries online?
Read reviews on reputable tech forums such as Cnet or Tech Republic
Choose what data the device will see. The more access you allow a device the more information will be vulnerable. Do your online banking on a computer with a Virtual Private Network (VPN) or a secure browser like Avast's secure browser.
DO lock your device if you can. If there is an option to password protect, it do it.
DO NOT write down your passwords. I see this all of the time in both home and commercial offices where a yellow sticky note is attached to a monitor with the software name, username, and password.
DO NOT save your passwords on your machine. I know, I know its hard to remember all of them, certain websites have different password requirements and some even restrict maximum number of characters, but this is not only a cyber security measure its also physical. You don't have to be a hacker or programmer to get into a system that is unlocked and has usernames and passwords saved.
If you can't remember a password reset it and create a new one. Use a combinations of letters, numbers, and symbols that meet the requirements and also mean something to you. It can be anything, but it has to be memorable.
DO NOT use the same password for everything. This is a major concern. If someone is able to get your password through a vulnerability or physically from a note or book and it happens to be the same password on all of your accounts you can compromise your bank account, medical information, and other deeply secret personal information.