The IoT (Internet of Things) a little brief
Internet, one, if not the biggest improvements in the past few years, and the IoT the most important technologies nowaday. Almost every object can connect to internet now, besides computers and cellphones, now we can found things like cars, refrigerators, even doorbells!
Steve Ranger give us a simple but accertive definition for this technology:
The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Thanks to the arrival of super-cheap computer chips and the ubiquity of wireless networks.
With this definition we can understand the concept, but now lets go deep and see how all this works.
IoT managment
Each device is responsable of its own functions, thats why they are continuously updating their software, but as we saw earlier they also need to be conected between them.
Thats why exists somthing like “Command & Control Centers” in charge of the software correct operation, updating, authentication and device enrollment.
To solve the conection issue, now is where somthing called “API” (Appliction Programming Interface). With this, any other service, aplication or device, can connect, communicate and collect data to execute some interesting stuffs, lets see some examples:
One of the most interesting examples of IoT is a smart home, first we need a home manager, for example “Home” by Google, we can use it from our cellphone or an external device know as a smart speaker we will use the “Google home” with this one whe can execute commands with our voice anytime, but we need some devices to interact… first we will use our SmartTV, from our manager, we can ask for some YouTube video, now our Google Home communicates with our TV through our WiFi and the API to play some cute kittens on the living room… but what if i’m not in my home? I can use the 4GLTE on my cellphone to use my home manager and ask for a cup of coffee while I get home. That’s the power of APIs.
All this sounds fantastic right? but there’s a problem, few people are aware of this and that makes it more dangerous… I’m talking about security.
Many people when uses this type of devices usually only worry about the functions or how helpful it will be, but is important look to how secure it is because remember, this devices collect and share data… our personal data like passwords, credit cards numbers, passwords, bank accounts, even our tastes and interests
This information can make our experience more personal and acurate but also can be used or any ciberciminal with bad intentions.
Thanks to Norton, one of the most recognized companies in cybersecurity, we can see some examples of attacks to our security on IoT Devices:
Cybercriminals sometimes access your home network though your router.
This attack happened in 2018 using the Malicious Software (Better know as Malware) VPNFilter, affecting thousand on routers in more than 50 countries arround the globe.
VPNFilter, using the Wi-FI router is able to install malware on the devices using that network… collecting personal information, passing trough the router like our login credentials or credit card information.
Cybercriminals can harness the power of your IoT devices.
In 2016, hundreds of thousands of devices connected on intertet were pulled into a “botnet dubbed Mirai”. (Botnet is the generic name for any group of devices infected and controlled by an attacker remotely) This combine the power of all this small devices and launched a large scale cyberattack downing a lot of major web sites like Netflix, Spotify and even PayPal.
Those are some serious problems, why this happens? Nortons give us some information too about this:
Why smart home devices are vulnerable?
The Wi-Fi Home routers and the security cameras are the prefered targets to attack by hackers and that is because in so many cases this devices does not have a built in security… A malware vulnerable device basically.
This is also fault of the IoT device makers because security is not their priority handeling some bad practices like:
- No system hardening, which gives a computer system various means of protection and makes it more secure.
- No mechanism for updating software, which can create vulnerabilities.
- Default or hardcoded passwords, which hackers can exploit.
Now we know the problems and the risk, but can we do something to be more protected? Yes, we can, here some Norton’s recomendations and advices:
How to build a more secure smart home.
Imagine our IoT devices as a home themselves, our front door should be the Wi-Fi router, that’s the one that handle the access to our devices, it should be equipped with some big security to protect us, thats why we need a more secure router.
Many people use the default router given by the internet service provider, but same as many IoT devices this ones lacks of strong security. Fortunately we can found better and stronger router on the marker.
Now that we have a secure router, let’s check our devices we might want. Is very importan check the “Privacy and Security” part in the manual but also here are some importants questions to ask and have in mind:
- What are the privacy policies?
- Will the provider store your data or sell it to a third party?
- How are updates enabled?
Give your router a name.
Usually the default name router includes information about the model or the maker and makes easier to the hackers identify the router to prepare an attack. Give your router a new name, an unusual one withou including personal information like your name, adress or something like that.
Use a strong encryption method for Wi-Fi.
You can have access to the router settings that’s why is a good idea use a powerful and strong encryption method like WPA2, almost every one have it, so feel free to use it, it will help to keep the comunication in your network secure.
Set up a guest network.
You can split your network so you can have a private network for you and your IoT devices and have a guest network for visitors, friends or relatives… they will have internet but not the privileges to manipulate your devices.
Change default usernames and passwords.
First of all, dont buy a IoT device that doesn’t allow you to change the default password, ussually it’s not a unique password, the makers handle a limited numer of default passwords and they repet it in many devices, so eventually a cybercriminal can foundthem and access to your devices, that’s why you need to change it. Also, like with the routers, change the name to make it difficult to identify from the outside.
Use strong, unique passwords for Wi-Fi networks and device accounts.
Avoid using general passwords like “password” “00000” or “1234”, also avoid using personal info like your birthday or your namer, instead try using unique and complex passwords usign letters, capital letters, numbers and simbols here a tool to help you creating a strong pasword: “Strong Random Password Generator” Try using too a password manager, is extremly useful.
Check the setting for your devices.
Now that we are done with the network, let’s check our IoT devices, usually they come with the default privacy, go to the settings and give a read and try to change it, usually this default settings benefits the manufacturer more than benefits you.
Disable features you may not need.
IoT devices come with a variety of services such as remote access, often enabled by default, if you don’t need it, disable it.
Keep your software up to date.
Technology always is improving, and security too, that’s why is highly recommended to update your device when a new update is released, especially on your cellphone, usually an update means a security patch and mobile security is very important because through this we can access to our IoT devices and settings.
Audit the IoT devices already on your home network.
Maybe you have a camara from 5 years ago or even more, maybe it still works but what about security, as i said, technology keeps improving, security too, and if your old camera doesn’t have more support or updates, you should consider an upgrade, now more with all this new knowledge.
Do the two-step.
The two factor (or two step) autentication, is the most extended method and many platforms have it, but is disabled by default, you need to turn it on. It consists of a code that is sent from the app either to your mobile or email and that must be entered back into the app to confirm that it is you who is trying to login.
Avoid public Wi-Fi networks.
Imagine your in a mall, and you want to chek the camera or any other IoT in your home, you check your Wi-Fi connection and see an open Networt, avoid using it, is to dangerous and anyone can infect you or maybe monitoring all traffic can access to your data.
The IoT makes our lives easir, is a big improvement, help us in many things and also is very cool, but with a bad management can be very dangerous, so choose wisely, read a lot and check always your security.
Thanks for your reading and I hope this works for you.
