Ok, this might be a bit of a late warning, but as the saying goes, “It’s better late than never.” 2016 is slated to be a record-breaking year in electronic device shopping, and it starts right here, in the Christmas holiday season. A big chunk of those devices will be IoT, internet-connected devices. An October report by Consumer Electronics Association places the amount of Christmas spending on tech at $34.2 billion. Online Trust Alliance estimates that more than 50 million connected devices will enter consumers’ homes over the holidays this year.
As I’ve mentioned in previous posts (here and here), the IoT industry is full of security holes, inherent from the fact that it’s a fledgling technology that is still going through its early steps and “gold rush” era: Vendors are in a rush to ship out new devices (which is not a bad thing per se); consumers are in a rush to fill their houses with those devices (not a bad thing either); and malicious hackers are in a rush to exploit those devices and carry out their evil deeds (definitely a bad thing).
As Christmas fills your houses with cool new IoT devices, here are a few precautions to take before and after you buy new IoT devices this year. Special thanks to Ericka Chickowski for her Dark Reading article and the OTA for their smart device security checklist.
Make sure it’s secure
Before purchasing the product, Google it for security holes. If the device is found to have security holes, check to see if the manufacturer has shipped updates, also make sure that the specimen you’re buying contains the latest version of the firmware or software installed. If none of these apply, I suggest you find an alternative.
Make sure the manufacturer cares about security
Unfortunately, a considerable percentage of IoT vendors care more about seeing their products reach store shelves than offering maintenance and support in the future. Even if your device doesn’t have any known vulnerabilities, check its warranty and support policies and have a look at the manufacturer’s history in delivering security updates on other products. If the company doesn’t patch its products, there’s a big chance that you’re on your own if your device is later found to have a security loophole.
Make sure it’s returnable
If the device is not found to be insecure yet (I’m not saying secure, mind; there’s no such thing as absolute security nowadays), you should still make sure you can protect your bacon in the future. So if a nasty bug turns up on the device after you unboxed it, and the manufacturer fails to patch it, you should be able to wrap it up and return it to the vendor.
Register to receive updates
When manufacturers do patch their devices, they should have a means to inform you of new updates. Unless you’re planning to regularly visit the manufacturer site for every single connected device you own (which isn’t practical), you should register your device along with your email address on the manufacturer’s website to be informed of updates as soon as they’re available. This way you can rest assured that you don’t miss out on critical updates.
Be careful about app installs
Most connected devices come with a controller app that is installed on your smartphone. Make sure you download and install the app from the vendor’s official site (or App Store and Google Play account) and not from some clandestine third party source. Also make sure to review the permissions and privileges that the app requires (location tracking, camera, microphone…).
Final thoughts
Hopefully, after following the aforementioned tips, you can breathe a sigh of relief, sit back and relax, and enjoy your holidays without fearing about your smart light bulb or TV spying on you (or the loved one you just bought it for).
Have anything to add? Drop a note for me below. Need more guidance or have a story to share? Contact me. I’m always looking for new tech trends.