The latest technology in the world of IoT (internet of things) means our homes are gradually becoming more connected. Smart energy meters are becoming the standard and many now have some kind of voice activated assistant such as Amazon’s Alexa or Google Home. As well as offering efficient, time saving, handy or fun functionalities, all of these devices are also constantly sending anonymous usage data back to the cloud. But what if it isn’t all anonymous? Being connected to the internet is a two-way street and IoT devices are not invulnerable to being hacked.
We are all familiar with the fact that the latest technology in the world usually offers convenience or its services at some kind of cost. And that cost isn’t always immediately apparent. In the case of IoT, that cost is a cyber-security threat. I would be naïve to think otherwise. So how does one of the UK’s leading cyber security experts handle IoT appliances in his own home? Raj Samani, chief scientist at leading cyber security firm McAfee recently explained his personal approach in an interview with the Financial Times.
He’s cautious around potential IoT device security vulnerabilities. So much so that his kids consider him a “spoil sport” for limiting things or completely banning certain apps or functionalities. This is based on insight the McAfee threat research team gives him. One particular example was with a brand of smart plug they had at home that offers insights into electricity consumption and efficiencies. It requires a Wi-Fi connected plug socket which, he learned, meant a potential vulnerability in the plug’s security make-up could offer hackers a gateway into their homes entire Wi-Fi network.
He also only allows his young daughter to turn on her voice activated assistant for a few hours at a time. A compromise they reached when she requested one. He wasn’t comfortable with the concept of a connected device with a microphone in it constantly turned on in her room. He recognises that the general public don’t have the same depth of concern about IoT devices and that his occupation makes him slightly paranoid but prefers to be better safe than sorry.
Unfortunately, IoT devices relatively regularly have security flaws that could potentially be exploited even if in the vast majority of cases they never will be. Another security expert quoted by the FT, Keiron Shepherd of F5 Networks, by chance happened upon a default admin password accidentally hardcoded and left in the operating software of a security camera. It meant that if hackers were to breach the manufacturer’s systems and spotted it, they could in theory access every single camera it had ever shipped. On alerting the company in question they responded they had already been made aware of the issue but as the software was provided by a third party could do nothing until they updated it.
So how do you protect yourself if you’re not a cybersecurity expert? Fortunately, hackers usually target low hanging fruit. Following simple guidelines means non-IT experts can significantly reduce the threats that connected IoT devices can represent. Here’s a smart home security checklist:
- Check online for any known vulnerabilities found in devices you are considering buying.
- Change default passwords on IoT technology for a strong alternative.
- Update software regularly to make sure it has any patches that have been added to block off detected vulnerabilities.
- Secure your home’s internet router by setting it to the WPA2 standard.
And Mr Samani’s final piece of advice is don’t fill your home with ‘smart’ IoT devices for the sake of it. The less you have the easier it is to keep them all secure. Consider how much real benefit, other than the ‘cool’ factor, a connected device offers compared to the non-connected alternative:
“Yes, I could buy a smart doorbell — but what’s wrong with a normal doorbell?