More IoT devices are constantly being released, many of which now track our whereabouts, our online activities, or even become irreplaceable parts of the upcoming automated driving systems. Although incredibly beneficial in a lot of ways we cannot yet imagine, these devices may, however, introduce a lot of security challenges and risks.
IoT devices collect a lot of personal data, and they can be hacked and misused in a number of ways. Everybody knows about the botnet armies that have been used repeatedly after the infamous Mirai cyberattack disrupted countless websites across the United States in 2016. Not as many people know that even an apparently harmless stuffed animal such as a CloudPets toy may represent a serious threat if it is hacked and made into a remote surveillance device. Anything that has a camera or microphone can quickly turn into a nightmare, and that's just the tip of the iceberg. So let's have a look at a few quick tips for how to secure IoT devices, and protect your privacy and security. (For more on IoT security, see 10 Steps to Strengthen Your IoT Security.)
1. Keep Your Firmware Updated.
Keep your software updated at all times. This is the bread-and-butter of IoT security, and, likely, the most essential tip ever. Patches get released all the time to address all potential vulnerabilities, so keeping your firmware fully updated at all times is extremely important. However, not every manufacturer can add a software update distribution model if the IoT device is, for example, a smart dishwasher, a wearable or a car accessory. If an auto-updater is not available, be sure to take your time downloading and installing the latest firmware from a genuinely reputable source. Don't just Google for the latest patch. Download them only from the device manufacturer's official website.
2. Protect All Your Devices with Secure Passwords.
A locked door won't serve any purpose if anybody can find the key, right? Well, the same goes for the passwords used to access your smart devices through connected accounts or offline interfaces. Most manufacturers set up a default password for all devices to simplify configuration and update processes. However, as soon as you install the device, be sure to change the password as soon as possible. And use a robust one too! Use a creative combination of letters, symbols and numbers, and do not re-use the same password for multiple accounts – especially not the one you used for your email or social media accounts!
3. Keep Your Devices on a Separate Network.
Never underestimate the threat that a corrupted and evil fridge may pose to your personal life. A lot of modern "smart" kitchen appliances and gadgets have access to your network, and it's simple for a hacker to jump from that IoT device to your main personal device and steal your information. Keep all these wireless devices separated from those where you've stored sensitive data such as banking credentials by creating a separate network just for them. You can set up multiple networks on many routers, and the more they are segmented, the harder it is for a cybercriminal to gain access to the most vulnerable ones.
4. Think About IoT Security Before Buying a Device.
Some IoT devices such as earphones, smartphone accessories or gaming devices may seem like cheap and harmless stuff. However, they're connected to your network just like anything else, and may, nonetheless, represent a vulnerability. Always investigate the safety and reputability of a device, as well as the security systems it has in place before purchasing it. Does the device have built-in PKI managed services? Is it compliant with TLS/SSL and encryption standards?
Security must be a fundamental priority for the designer, so check the reputation of those who produce and deploy the IoT as well. Some groups such as the Internet Society Internet Engineering Task Force (IETF) are currently pushing for standard protocols, but not every manufacturer out there cares about adhering. Keep your eyes open! (To learn more about IoT risks, check out The Key Risks Associated With IoT – And How to Mitigate Them.)
5. Turn Off UPnP.
Devices using Universal Plug and Play (UPnP) are those most vulnerable, as the protocol allows IoT devices to automatically open the ports needed to connect to the outside internet. Cybercriminals have exploited UPnP flaws many times already, such as when they enlisted over 100,000 vulnerable routers to launch a massive spam attack in December. Despite many patches and fixes, UPnP is, still today, a poorly secured doorway through which any malicious hacker may access your network. And it also slows down your router's response time.
UPnP "trusts" everyone by default, so it's like choosing a friendly Labrador as a guard dog to protect your house. Although this does not necessarily mean that UPnP is a useless and outright malevolent feature*, it is always safer to turn it off whenever possible.
*It probably is.
6. Secure Your Main Network.
Securing your main network is basically your backup plan, but it is a very important one nonetheless. If everything else fails, and a hacker still finds a way to sneak into your IoT network, you must be sure that your sensitive data is protected behind a bulletproof shield.
A firewall is a great place to start. Not only it will help you keep hackers as well as viruses and malware from reaching the "pulsating heart" of your network, but it will also prevent infected devices from sending back your private info by denying any unauthorized traffic. If your computer's built-in firewall is not sufficient against the average hacker, you can always install a better, more secure one. Or you can configure a hardware firewall if you need to protect significantly more valuable data.
Final Thoughts
Probably the best, yet simplest, advice that we can give you is to keep your IoT devices connected only when you need to. How many mics or webcams do you have right now that are still connected to your PC even if you're not using them? Just disconnect devices whenever you're not going to use them – there's no better way to make them become secure than just turning them off!
