April 11, 2017

How to better protect your IoT devices from hackers

The Internet of Things is truly incredible in that it lets us stay connected with many aspects of the world around us via devices and sensors. With the rise of third platform innovations, we can monitor our home from anywhere, see how we are doing after a strenuous workout and even see how stocked our refrigerator is. But with this wonderful technology comes a lurking problem: security. As we have seen over the past few years, many hacker attacks have occurred on cars, baby monitors, video devices, and the list goes on. How can we protect ourselves from the bad guys so we can truly enjoy this technology?

Unfortunately, when all these devices started coming out, security did not seem to be on the minds of companies putting out the products. Since these devices all work over the internet, they are live and can be hacked. Now, there is a very large push for securing these devices and sensors. Standardization of best security practices is starting to take shape; however, many security holes still exist.

What can a company or individual do to protect their devices from being hacked?

Since standardization is still being figured out, users have to rely on the companies they purchased the products from to be vigilant. Some companies are great at putting out updates to quickly fix a product, while others aren’t as on top of things.

Here are some of the ways to ensure safety on these devices:

1. Research the company you are buying the device from

  • Do not just purchase the cheapest video home monitor out there, but rather look into the company and see what they do for securing the device.
  • If you see continuous updating (patching) being pushed out to devices in the support section, this is usually a good sign because it means they are actively fixing these products’ potential security holes.
  • Is the device transmitting over https or http? Make sure all traffic goes over https by default. If not, do not purchase. With http (non-secured) traffic you are a sitting duck for hacking since there is no encryption.
  • Look for any type of spyware or other installed software that the company may be putting on the device. Do not take the company’s word for it – do research on independent web sites and forums. The last thing you need is your device being hacked by the very company you purchased it from.

2. Default user and password

  • Companies like to put a standard, first-time default username and password on many devices; for example, “user: admin, password: 1234,” on all their devices. However, users often won’t change these once activating the device. Look for companies that make you change the username/password (or at least the password after first login) with a strong password. If you currently have a device set up with the default user/pass combo, make sure to change this – very critical.

3. Updates for device

  • As stated above, this is very important. If you see that the company is actively supporting the device with updates on at least a monthly basis, this is good practice.
  • Make sure the device is receiving automatic updates from the company. If not, manually check for updates on a weekly basis. However, the lack of auto updates should raise a red flag in itself.

All of these steps will help you properly secure whatever internet-enabled/IoT device you may have, whether it be a video camera, router, personal fitness monitor or other. As time goes on, more and more standards will start to come out that will ensure IoT devices are more secure to begin with, filtering out all the fly-by-night companies selling subpar, easily hackable devices.

If you have any questions about IoT device security, contact us.