The holiday season is a big time for consumer electronics and smarthome gadget sales. With so many advances and innovations that we saw in the Internet of Things in 2016, there’s a likely chance that one of those connected devices has found its way into your home, or that of one of your loved ones, this Christmas.
But while IoT devices make our homes more efficient, drive energy saving and reduce costs, you should also take note that IoT devices are a source of security headaches. A huge number of smarthome gadgets are developed without sound development practices and end up being used for evil purposes.
So if you don’t want your smarthome gadgets to be used to spy on you, hurt you in some other way, or be used in the next massive IoT DDoS attack, take a minute to read these guidelines. They will help you get the most out of what your IoT devices have to offer without suffering the privacy and security repercussions.
Install the latest updates
Seldom you see a software or hardware released without glitches or bugs. Many of these loopholes leave your devices open to attacks and exploits. That’s why developers and manufacturers regularly roll out updates and security fixes.
First of all, before installing your new device, do a little internet research for known vulnerabilities, and make sure that the manufacturer has released a patch for the bug (patches are announced and delivered on the manufacturer’s website).
Make sure that the manufacturer has a policy and good track record of delivering updates. If a manufacturer doesn’t deliver security patches, I would recommend returning the gadget back to where you bought it from.
In some cases, there are workarounds that can help you plug a security gap by disabling some of the features or changing settings, but do it with caution.
Last word on updates: Since smarthome gadgets are usually installed and forgotten, register your device for update notifications in case the manufacturer does have such an option. This way, you can make sure that you don’t miss any important updates.
Protect your network from IoT hacks
Per se, connected devices such as light bulbs and coffeemakers might not contain sensitive information or functionality, but their vulnerabilities can provide attackers with potential footholds into your home network, giving them a beachhead to conduct more critical attacks against your laptop or workstation.
The first thing you should do is to change factory default settings (e.g. administrative passwords) on your devices after installing them. This is critical as many attacks are conducted by scanning the web for devices for unchanged factory settings.
Also make sure you don’t reuse a password you’ve set on a critical email or social media account, unless you want a breach to propagate to unwanted domains.
If your device offers several different connection channels, disable the ones you’re not using, and always prefer wired connections over WiFi and other wireless mediums. This will minimize the attack surface. If the device is associated with a mobile app, review the privileges it requires (microphone, camera, GPS access, etc.) and only grant permissions if it is absolutely necessary.
If you’re going away for a long time (vacation, business trip, etc.), make sure to turn off unneeded devices or at least disconnect them from the internet.
Last word on network protection: If your home router has a guest network option, you can use it to isolate your IoT devices from your local network. This will prevent breached gadgets from giving attackers network access to your laptop and other devices containing personal and sensitive information.
Protect your IoT devices from hackers
In the previous step, we discussed how to prevent IoT vulnerabilities from harming your network. But you should also protect your smarthome gadgets themselves. Some devices such as smart thermostats can deal real damage if hacked, while nearly all compromised IoT devices can be used to raise botnets and stage widespread DDoS attacks.
Unfortunately, a considerable percentage of IoT devices lack proper defense measures (and will continue to miss them for some time to come), therefore the first order of business should be to set up a firewall.
Most home routers have firewall rules and settings that can be easily set up to block access through unused ports. This can help prevent access to devices that don’t let you turn off unwanted remote access features.
To add an extra measure of defense, use a Virtual Private Network (VPN) to encrypt your outgoing and incoming traffic. The advantages of using VPNs is twofold. First, it’ll make up for lack of encryption in IoT devices. And second, it can make it more challenging for eavesdroppers to deduce life patterns from analyzing network traffic metadata.
Last word on device protection: You might want to consider investing in a smarthome intrusion detector, a breed of devices that analyze your home network’s traffic and look for patterns of malicious activities.
Protect your privacy
Most home IoT devices silently collect data about your daily routines and habits and often send them over to the cloud. While this helps devices and their manufacturers to analyze patterns and deliver better services, it can also become the source of privacy controversies.
First of all, you should clearly know how your data is used and processed before you connect any new device to the internet. Review the vendor’s data collection and sharing policies and make sure it explicitly states whether your data will be shared with third parties or not. There should also be an opt-out option for users who don’t want to have their data collected.
Also, if your device has a microphone or camera component and you’re not using it, disable it outright, because they can lead to some of the worst kind of privacy troubles. If there’s no switch or feature to turn off the camera, cover it or turn it to face the wall.
Last word on privacy: If you decide to sell your device or give it away to someone else, reset it to factory default settings and wipe out any user data you might have stored on it.
Over to you
IoT is the future. But it shouldn’t cost you your privacy and security. Hopefully, with these tips, you’ll be better positioned to make good and safe use of your smarthome gadgets while avoiding the pitfalls and unwelcomed tradeoffs.
How do you vet and secure your devices? Share with us in the comments section.