Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT).
IoT products differ from dedicated tech devices, like computers, smartphones and tablets, in that their primary function is to do offline tasks, which are enhanced by connecting to the internet. An internet-enabled car, for instance, is still made for driving, but it can also potentially connect to the driver’s device and home electronics, make phone calls, and display cameras.
There’s no doubt that the Internet of Things can make our lives more convenient (just think how easy it is to ask an interactive speaker to place an order online), but it also opens us up to new risks. This is because most IoT devices lack built-in security features, making them vulnerable to malware and hacking.
Take the 2016 Mirai botnet attack, which took down a large part of the internet on the East Coast. This botnet was actually made up of 2.5 million compromised IoT devices, such as webcams and routers, which were infected by malware programmed to guess default passwords. The combined power of these IoT devices was then used to flood the internet’s Domain Name System servers with traffic, crippling the internet’s address book.
And since Mirai, IoT attacks have increased substantially both in number and sophistication. The IoT_Reaper malware, for instance, leveraged nine different vulnerabilities in webcams and routers to infect millions of devices, creating a massive army of “bots” that could potentially be used to launch attacks.
These threats are increasing at the same time as our thirst for more connected devices is growing. Everything from smart thermostats to interactive eyeglasses are expected to make up the 20.8 billion connected devices that are predicted to exist in consumer homes by 2020.
The more connected devices we have in our homes and lives, the more opportunities cybercriminals have to infiltrate our networks, and reach other data-rich devices. This can potentially put your private and financial information at risk, not to mention your privacy.
So, what can we as consumers do to protect our data and devices, while enjoying all the convenience that IoT brings?
Here are some important IoT Safety Tips:
- Research before you buy—Look for devices that have built-in security features, when possible, and check other users’ reviews before you buy to see if there are any issues, such as known exploits or vulnerabilities, that you should know about.
- Change Default Passwords—As soon as you bring a new connected device home make sure you change the default password to something hard to guess. This is because cybercriminals often know these default settings and can use them to access your devices. If the device has advanced security options, take advantage of them.
- Keep them separate—Consider setting up a separate network just for your IoT devices. This way, even if a device is compromised the attacker will not be able to leapfrog to other data-rich devices on the same network, like computers and smartphones. Check your router’s user manual to learn how to setup a second, or “guest” network. Or, consider investing in a network that has built-in protection for IoT devices. Security is now being integrated into home routers, providing first-line protection for all the devices connected to the network.
- Keep your firmware up-to-date—Manufacturers often release software updates to protect against potential vulnerabilities and upgrade features. Set your device to auto-update, if you can, so you always have the latest software.
- Use comprehensive security software—Keep all your computers and devices protected by using robust security software that can help safeguard your private information and stop known threats.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.