Last month, a botnet targeted more than 1,000 different models of Internet Protocol (IP) cameras with DDoS attacks, highlighting vulnerabilities in over 122,000 connected cameras across the world. Most Internet of Things (IoT) devices, like the affected IP cameras, come with a basic setup password, such as “admin” or “1234.” Users keep these passwords for the same reason “123456” is the most common online account password – convenience. However, as these latest botnet attacks demonstrate, IoT convenience comes at a price – it creates the potential for security risks. As additional connected devices are added to the IoT, balancing convenience and risk will become even more critical.
IoT attacks grew by 20 percent each quarter of last year, per McAfee. Upon activation, many devices require the user to input personally identifiable information (PII), which allows the device to learn about the user and become more in tune with their likes or dislikes. This makes using the devices more convenient, but all of that collected PII is a security risk. When that PII is shared across multiple devices, it introduces additional avenues for a hacker to obtain critical data.
While a hacker accessing a fitness tracker may not seem like a big deal, it could act as a gateway to more sensitive information. For example, as Gary Davis of Intel explains, many wearables or other IoT devices connect to our smartphones, which hold significantly more data than the device itself. We’ve seen examples of vulnerabilities in action, such as home automation devices where a hacker could access sensitive information via the related app or launch malicious code onto the smartphone that houses the app. Keeping phones secure will, in turn, help improve the security of other devices.
If you use a connected device, take the proper steps to ensure that device’s security is as strong as it can be. These steps may take a few extra minutes to complete, but they’re well worth any inconvenience that arises.
Update your devices regularly
This is one of the easiest things to do to help improve security. For starters, change the default password as soon as you begin using your device. Even if it’s not as basic as “1234” or “admin,” it’s still easier for hackers to access devices that are using the factory settings password. Devices and apps regularly receive updates and patches from developers. These updates are designed to fix potential bugs or vulnerabilities within a device or product. Keeping everything on your device up to date ensures you have the latest security at your fingertips. If your device uses a password, be sure to create strong passwords by using a long and unique combination of numbers, letters, and special characters for each device. Additionally, avoid accessing the device from a public, unsecured Wi-Fi connection.
Be aware of the privacy policy of your devices
It’s easy to skip over the privacy agreement when installing a new device, but you may be agreeing to hand over more information than you’d like to divulge. Take a few moments to research online and read through the privacy policy to learn what kind of PII the device collects and how it is used. If you don’t agree with the privacy policy, don’t use the device.
Part of this privacy responsibility falls on the shoulders of manufacturers. As consumers, we must make it known that security is a top priority for the IoT – industries won’t ignore the demands of their customers. For example, new car buyers reported in surveys that they were concerned about the security of connected cars. In response, the Alliance of Automobile Manufacturers developed a set of privacy principles they promise to follow.
Continue educating yourself
The privacy journey of the IoT should never end. By doing our due diligence, researching device manufacturers and software companies, and only sharing PII if necessary, we can help reduce the risk of data loss and identity theft. The IoT makes our lives more convenient, but that convenience should not come at the expense of security.