Your new washing machine could help criminals break in. Here’s how to protect your home network security and devices among the Internet of Things.
At its most basic, the Internet of Things (IoT) refers to the growing list of everyday household objects that now feature internet connectivity and data collection components, such as smart doorbells, thermostats, TVs, and kitchen appliances. The same connectivity and data-sharing capabilities that make IoT devices such powerful drivers of innovation, however, also have the power to attract cybercriminals. This is why it’s so important to have a secure network connection amongst all devices.
Whether because of lax security behavior by family members or weak default password settings by manufacturers, IoT devices introduce vulnerabilities that can be exploited by cybercriminals to infiltrate your home network. In fact, malicious software or malware targeting IoT devices rose by 77% in the first half of 2022, according to the Sonic Wall Cyber Threat Report.
Yet, if you take the appropriate cybersecurity precautions, it is possible for the IoT rewards to outweigh the risks. From how to secure wifi networks to password protecting devices, here are some ways to protect your home.
Transcript available below graphic
The IoT market has exploded in growth over the last 10 years, coinciding with a dramatic increase in Wi-Fi connectivity and high-speed internet. According to a 2022 study by research firm IoT Analytics, the number of connected IoT devices rose from 4.6 billion in 2016 to 12.2 billion in 2021 and is estimated to hit 27 billion by 2025.
The proliferation of IoT devices has spread across industries, with applications ranging from systems that streamline supply chains using sensor data and radio frequency identification to medical solutions, such as robotic surgery devices. But the most popular category of IoT is the catalog of devices that make the connected smart home a reality. Popular smart devices include door locks, garage-door controllers, light bulbs, power outlets and switches, thermostats, TVs, virtual assistants, video doorbells, and washers and dryers. Each of these devices connect to the internet through your router, which enables Wi-Fi within your home.
In addition, IoT includes personal devices and wearables, such as smart watches, rings and glasses—enabling benefits ranging from touchless payments to location-based weather updates—as well as dedicated health monitoring devices, such as fitness trackers, glucose monitoring insulin pumps, and even stroke and heart attack detectors.
Risks of IoT
Regardless of the application, the connected nature of IoT and the vast amount of data the devices gather make them prime targets for cybercriminals. According to Kaspersky, IoT cyberattacks more than doubled to 1.5 billion in the first half of 2021 compared with the previous year. Common cyberthreats against IoT include phishing, which involves fraudulent emails sent to trick people into submitting personal information; malware (including ransomware); exploits that take advantage of weaknesses in firmware and software; and credential theft or the theft of online identification methods like usernames and passwords.
The diversity of devices and the rapidity with which they’re being developed—not to mention the limited computing power and storage that can be crammed into a small, affordable object—mean IoT devices typically have little security built into their design. Add to that a lack of standardization and regulation, and it’s clear IoT devices are more vulnerable to cyberthreats. However, by understanding the types of vulnerabilities and threats most common to IoT, as well as how to protect against them, you can enjoy the benefits of a smart home without worrying about the safety and privacy of its residents.
How to Protect Against IoT Vulnerabilities and Cyberthreats
Here are a few of the most common IoT vulnerabilities that invite cyberattack and the simple steps you can take to keep your household safe:
Weak Password Protection
Many devices come with easily hacked default passwords, enabling criminals to gain access to not just the device, but also the Wi-Fi network and any other devices connected to it. In 2020, the FBI issued a public service announcement that criminals had been using stolen usernames and passwords to access camera and voice-capable devices (such as smart doorbells) to perpetrate swatting hoaxes that fraudulently call emergency services to a home.
- Change default login credentials. Never use the default username and password that comes with your device. Replace it with a strong, complex password (at least 10 characters and a combination of upper- and lowercase letters, numbers, and symbols) and never reuse the same username and password combo for multiple devices.
- Enable multifactor authentication (MFA). If your IoT device’s account offers it, enable MFA, which requires you to confirm your identity in at least two ways (e.g., a password followed by a texted code).
Firmware and App Vulnerabilities
Since many IoT devices are installed in out-of-reach places or are embedded in traditional technology, firmware updates are not always downloaded in a timely manner, leaving devices vulnerable to malware. For instance, in 2020, researchers at cybersecurity firm Check Point were able to exploit a vulnerability in the firmware of a popular smart bulb and install malware that enabled them to take control of both the bulb and the home network to which it was connected.
The mobile applications used to access and control smart home devices are also subject to security bugs that can leave your home network and its connected IoT accounts open to cyberattack.
- Keep devices updated. Install the latest security patches for all devices, including routers, smartphones, laptops, and computers that connect to your home network. Enable automatic updates for all software, hardware, and operating systems.
- Replace older, unpatchable devices. Older devices that are no longer supported by their manufacturers cannot be updated with current software or security patches, so they are vulnerable to cyberattack. They should be disabled and removed from your network.
Keeping your Wi-Fi network secure is critical when you have several IoT devices connected. However, the network services of the devices themselves can also be points of weakness. In 2017, Trend Micro proved that flaws in the network setup of common smart speakers could allow anyone on the internet to access and control the device.
- Keep Wi-Fi networks secure. Use the strongest possible security settings on your Wi-Fi network. For example, change the default username and password to a unique set of credentials, enable the router’s firewall and the WPA2 security protocol, and only allow devices you recognize to connect.
- Segregate IoT devices on a separate network. Most Wi-Fi routers give you the option to set up more than one network. Keep your IoT devices on a separate network from your smartphone, laptop, and other computing devices. Ideally, use a virtual private network to restrict access to your own network rather than exposing the devices to the public internet.
Lack of Privacy Protection
In the 2017 Trend Micro study, researchers found that IoT vulnerabilities exposed user information to the open internet. Not only does this mean that credentials can be harvested from unsecured IoT devices by cybercriminals to sell on the black market, but personal information like music preferences can also be used for phishing emails to make them more believable.
- Review communications with skepticism. While securing networks and running updates on devices shields IoT vulnerabilities, scrutinizing emails and texts with a critical eye helps protect against phishing attempts. Avoid clicking on links or opening attachments from unknown sources and be wary of language requesting urgent action.
The good news is that there is increasing cybersecurity awareness among IoT device vendors, who are beginning to introduce more stringent security settings in new products. We’re also starting to see IoT-focused regulations, such as the Internet of Things Cybersecurity Improvement Act of 2020, which established minimum security standards for IoT devices procured by the federal government, and California’s Internet of Things Security Law, which requires IoT device manufacturers to actively address cybersecurity in their development cycles. Though it will take time for these measures to improve IoT security across the billions of devices already in use, you can get ahead of potential security issues now by learning about the risks of IoT and how to protect against them.