¿No te preocupa la seguridad para el Internet de las cosas?… Pues debería

By Victor Medina 

Today, we hear and see the term Internet of Things, or “IoT,” everywhere. From connected light bulbs to cars, including video surveillance cameras, heart monitors, glasses, watches, and countless other devices promising an internet connection to make users’ lives easier by providing information at all times or keeping them constantly connected to the Internet.

But this permanent connectivity has advantages and disadvantages. On the one hand, it makes it easier for users to generate, access, and send information that was previously unrecorded, allowing them to maintain better control of their daily activities and even interact via the internet and an app with things they didn’t normally interact with: locks, thermostats, washing machines, etc. But on the other hand, this interaction with different devices or elements opens a new opportunity for hackers, given that many of today’s devices that promise to be “always connected” have, in addition to interoperability issues (different connectivity and communication standards), security issues. This is because, as mentioned in the McAfee Labs 2016 Threat Prediction Report, most companies that design and develop these IoT products often have very tight budgets, so they focus on having the product ready for market with an attractive design and user interface, neglecting security.

And this is nothing new. For several years now, there has been talk of threats from automated or internet-connected devices. In 2012, the risks of some medical devices, such as insulin pumps and pacemakers, being hacked to the detriment of their wearer were already being mentioned.

Currently, various studies, including one from the University of Queensland in Australia called “IoT Privacy and Security Challenges for Smart Home Environments,” highlight the risks that arise from not being aware that IoT in environments like our homes also require protection. Risks such as data confidentiality, authentication protection (validation of the device administrator user), and unauthorized access, to name a few, are sometimes overlooked and put the identity, information, and integrity of users at risk.

On the other hand, it’s important to consider that while we think the impact could be minor due to the current number of IoT devices available on the market, the growth expected in the coming years is exponential. Regarding IoT devices alone, McAfee Labs estimates that the number will grow from 15 billion in 2015 to 200 billion by 2019.

The good news is that some end consumers are already aware of the risks of not having security in their IoT devices, and many of them are not purchasing devices due to privacy and security concerns. This undoubtedly sends a clear message to the entire industry that users are increasingly aware and will look for devices they purchase with some form of associated security that guarantees not only their operation and network access, but also preserves the integrity of their information and identity.

Here are some tips and recommendations to consider before purchasing an IoT device:

1. Look for references about the device’s security features . It’s very important to research the device’s security measures, in addition to reviews of technical specifications, capabilities, and features. A quick internet search will give you enough information about any security issues the manufacturer has had or whether they are proactive and already guarantee it.
2. Take advantage of the security measures your device has . There’s nothing worse than not using at least one password or leaving the default password on your device. Find out what security features are already included with your device and use them.
3. Keep your device’s software up to date . Companies constantly release updates, either to add functionality to the device or to address security gaps. Therefore, it’s important to always keep your device up to date and register it on the manufacturer’s website to stay informed of available updates or patches.
4. Don’t go for the cheapest option. Remember that sometimes cheap is expensive, and if the device is very cheap, it may be because it has limited features or because some safety features weren’t considered in its design. Always opt for well-known brands and don’t forget to do your research online.
5. Be careful about what you share and always be alert for unusual behavior . Constantly review the information your device is sharing, and if you notice or detect any unusual patterns, check that your device’s security hasn’t been compromised.