We’ve previously posted advice about where to acquire your IoT devices and how to keep these devices safe. In the latest post in our A Guide to Protecting and Monitoring Your Personal Cyber Security series, we’re doing an update on the latest risks and concerns and giving you fresh news on securing your IoT.
Alexa and Google Home are examples of well-known Internet of Things (IoT) devices. But many more IoT devices have hit the market. We now can buy connected dog food scoops, kids’ toothbrushes, pelvic muscle trainers, egg trays, and garbage can monitors. Between the time this post is written and when it’s published, there will probably be at least one new type of IoT device available for purchase.
Convenience, speed, the ability to collect and mine data for wellness insight: these are factors driving the growth of IoT devices. Data insecurity, health and personal safety, and loss of privacy are the IoT risks and concerns.
IoT Device Risks and Concerns
A recent article from Tech Republic, lists some of the least secure IoT devices:
- Baby monitors – Parents may not change default passwords and firmware may not automatically update, leaving the device open to hacks.
- Toys – Manufacturers often stress time-to-market and low cost over security and testing.
- Cell phones – The concern here is the use of third-party apps that are not downloaded from an official app store such as the Apple App Store or the Google Play Store. Apps from other sources could be at higher risk of a security attack.
IoT challenges run the gamut from data loss to personal insecurity. Here are a few examples of risks and concerns:
- Data and identity theft concerns: Your data and your identity can be accessed through IoT devices. IoT devices collect reams of data and manufacturers store much of this in the cloud, making it susceptible to theft by hackers. Beyond data loss, your identity details can be used to gain access to financial accounts and file phony tax returns.
- Theft: Increasingly, the IoT ecosystem allows for interactions in the ‘real world’. The Amazon Key home delivery system and service is an example of where IoT literally opens the door to your house and possessions. Amazon had to quickly deliver a fix in late 2017 when it was discovered that a security camera flaw could allow a malicious courier to freeze the camera, thereby undermining a key component necessary for customer confidence. And Amazon just issued a fix for another flaw that could bypass the lock mechanism.
- Personal health and safety: Medical device hacks of equipment such as pacemakers and insulin pumps are a very real health concern. Issues with some personal protection devices, if exploited, could open up users to tracking or prevent them from working — rendering them effectively useless in delivering personal protection.
- Privacy concerns: IoT and personal privacy are closely intertwined. One of the most fundamental IoT devices in use in most homes now – the Smart TV – collects and can transmit mountains of data about you and your viewing habits back to manufacturers. Privacy concerns can be larger than the exposure of one person’s location. Recent news highlighted how the Strava fitness tracking app inadvertently exposed the locations of military bases by sharing how service people move.
IoT Security Solutions: Before and After You Buy
The key to IoT device security is to start before you buy. Keep security in mind before your purchase by looking at the IoT device manufacturer’s security approach and record. Be wary of cheap items that may signal a less-tested and more vulnerable device.
After purchase, changing the default password on your IoT devices, keeping device firmware current, and regularly backing up all of your systems (computer, laptop, tablet, smartphone) are the basic steps you should be taking to ensure IoT device security and mitigate against an incident. KrebsOnSecurity recently posted some additional advice on IoT security.
If you are concerned about how much data your devices are ‘sending home’, spend some time investigating the device settings to determine what kind of customization options are available. For example, Consumer Reports recently reported on how to turn off ‘snooping features’ on five major television brands.
If you are passionate about privacy rights and are interested in supporting advocacy in this area, the Future of Privacy Forum, the Electronic Frontier Foundation, the ACLU, and the Privacy Rights Clearinghouse are just some of the organizations looking at the intersection of privacy and IoT.
Finally, for a comprehensive – and disturbing – take on IoT devices in the household and the data they capture, you may want to read The House That Spied On Me.
We may be at a turning point – or, at least, a deceleration – in rampant IoT device adoption. The last year has seen several high-profile data breaches in the news, and there is heightened concern regarding personal data. A new study by IBM Security surveying 4,000 adults found that consumers are now ranking security over convenience. Whether this desire results in a greater push for IoT device security remains to be seen.
Missed a previous post in our A Guide to Protecting and Monitoring Your Personal Cyber Security series? Check out 2FA and Passwords: What You Need to Know and Active Listening. Click below to learn more about Teramind.