Risky Business: the Internet of Things (IoT)

The internet has grown exponentially since it was introduced in 1981, and it’s unlikely anyone foresaw the level of dependency we’d have on it. Not only are we connecting our computers, phones, and tablets, but also our thermostats, TVs, vehicles, watches, refrigerators, toasters, light bulbs and a host of house hold appliances. Welcome to the Internet of Things (IoT).

While these innovations have made our lives easier and everyday tasks convenient, it’s also brought with it some serious security concerns. Traditionally we think about hackers breaking into our computers, but your Philip’s Hue light bulb is just as much at risk, if not more, than your laptop. If connected to the internet, your thermostat, security system, and refrigerator are all vulnerable to attacks.

How Serious Are IoT Vulnerabilities?

On January 27th, the FTC issued a report detailing best practices and recommendations for businesses to follow in order to protect consumer’s privacy when dealing with IoT devices. In their report, the FTC identified three security risks: the increased number of Internet-connected devices increases the number of network vulnerabilities and creates a greater possibility for unauthorized access; the proliferation of devices can facilitate attacks, such as DOS attacks, on other systems; and the exploitation of vulnerabilities on the devices themselves and the networks they are on, creating risks for personal and physical safety.

The Internet of Things is currently in the infant stages of life, and as such the focus has been on innovation and timely product launches rather than security. Just last July Alex Chapman and his team broke into a network via an LIFX bulb and was able to capture the WiFi details and decrypt the credentials without being detected. While LIFT fixed the vulnerability with a firmware update, for many the damage could have already be done. Your data, network and devices are at greater risk as these devices are added to your network.

Consumers aren’t the only ones in danger. In December of last year, a steel plant in Germany was hacked, and the furnaces were unable to shut off. The unknown hacker was able to take full control over various automated processes by using a sophisticated spear phishing method. As more industries connect their systems to the Internet, they expose themselves to these types of hacks.

How To Protect Yourself:

While companies work to improve the security of their products, you can take steps to protect yourself and your data.

  • Perhaps the most obvious step you can take to protect your information is to create passwords that aren’t easily guessed and changed every 3-6 months.
  • Update the firmware and software on your devices regularly. While not all updates contain security patches, many do. Failing to update your devices could leave you exposed to a well-known vulnerability.
  • Use a router with WP2 encryption for your wireless network. If you have an older router, that doesn’t offer WPA2, toss it out and get one that does. And while you’re at it, opt for a router that supports multiple SSID’s. Put all your personal networking devices on one network and your IoT’s on another. This way if your IoT devices are compromised, your personal devices will remain isolated from them and less vulnerable.

The IoT has come a long way in a very short time, but it has an even longer way to go. The opportunity is there, and companies are making new devices enhance our everyday lives, but the security of these devices is something to be desired. Using the three suggestions above you.

Featured image from Shutterstock.

A UNC Chapel Hill graduate, blockchain enthusiast and analyst. I have a background in programming and IT, strong studies in econ, stats and game theory. I'm interested in online privacy and privacy laws.