By Russ Levanway, CEO
By now, you’ve probably heard of the Internet of Things (IoT) in which all the devices we’re accustomed to using at home and at the office will eventually be designed “smart,” connecting and reporting to the internet. Examples include smart thermostats like Nest, refrigerators with internal cameras that show remote users their contents to help with shopping, ovens that preheat remotely via internet connectivity, lighting systems, security cameras, timers, and garage doors. Soon IoT devices will outnumber people.
Leaving the Back Door Open
For those of us who watched The Jetsons as kids, it’s thrilling to think that we will be able to control everything in our homes with a cell phone or tablet, from anywhere in the world. Many companies are jumping on the IoT bandwagon, too – companies that have never had to care about security or internet accessibility before. Therein lies an important comparison.
Think about computer companies. Because they produce servers, wireless devices, etc, they’re security-focused and security-conscious; in other words, they’re very good at security after plenty of trial, error, and experience.
Conversely, with the advent of the IoT, lots of different kinds of companies – garage door companies, home appliance companies, etc – have developed their own way of remotely connecting to the internet. And, quite frankly their security was terrible, and some pretty startling reports started rolling out. Remember when cybercriminals hacked into smart baby monitors (nanny cams) to watch what happened inside some peoples’ homes? That was scary news
Luckily, hackers generally aren’t interested in watching baby monitor feeds. But if there’s a way for them to use your smart devices to steal money or satisfy a political vendetta, hackers will find it.
We recently had a client who installed an IP (internet protocol) camera for surveillance. The company that installed the system typically works with non-internet-enabled systems, which explains why they left this new smart system on its default login settings; as a traditional security installation company, they’d never needed to deal with credentials before.
The IP camera system was connected to our clients’ internal network, along with unprotected access to the camera system from the network. The camera’s monitoring server, of course, caught a virus which in turn infected other computers on their network. A harsh, but invaluable lesson for the camera company moving forward as more and more of their clients inevitably adopt IoT technologies.
Armed and Ready
Currently, IoT devices like thermostats and IP cameras are becoming more prevalent in offices. Employees also bring IoT devices from home into the workplace. Luckily, as this industry matures, there are specific standards of security being enforced around these devices. At TekTegrity, we don’t tell people to avoid buying or enabling IoT devices. They’re great, exciting, and can be very powerful – it’s just very important to keep security in mind when deploying them. Here are two simple tips for protecting your privacy with an IoT device:
- In home networks, a device might be set-up to communicate openly and unrestricted with the internet, but if you have a home router or wireless device, that functionality can usually be blocked.
- Almost every IoT device comes out of the box with a default username and password like “admin” or “password1.” Often, people get excited, turn their new device on, and never give the default password a second thought. Given the universality of most default usernames and passwords, hackers don’t even need to hack in – they can just guess!
These common sense principles are easy to forget in the heat of the moment when you’re connecting a new, snazzy device to the internet, but they can go a long way toward ensuring your privacy and security, both at home and in the office.