Staying Safe on the Internet of Things
Connected devices, wearable technology, and smart home appliances aim to enhance our quality of life through automation and ease of operation, but that convenience comes with a price tag: your privacy. Collectively, we call all these connected devices the “Internet of Things,” or IoT for short. If you’re wondering just how big the IoT is, well, the number of connected devices surpassed the global population all the way back in 2008. Today, more than 23 billion devices are connected to the internet. One expert calculates that 127 devices are connected every second. And this December 25, as people around the world unwrap new fitness trackers, smart alarm clocks, Wi-Fi-enabled cameras, and app-controlled toys, you can bet that average will go up.
What’s the Big Deal?
The problem is, most people don’t think of their app-controlled thermostat as a computer with an internet connection, but that is exactly what it is. Anything that connects to Wi-Fi or can be managed through an app is part of the IoT, and the IoT is a playground for hackers. Why? First, many devices come with little-to-know security options, yet they record and transmit an enormous amount of data about their owners. Second, people don’t think of these devices as computers, and they don’t think about how much or what kind of personal information they are sharing with the device. For example, if you program your app-controlled thermostat with different temperatures for home and away, a cybercriminal can determine when you’re home and when you’re not. Or imagine a hacker turning off your air conditioning during a hot and humid Florida summer and demanding a ransom to relinquish control. Many fitness trackers use GPS, letting a cybercriminal know exactly what route you take for your morning run. A baby monitor can give a cybercriminal eyes and ears on you and your family.
Scary stuff, right? That’s why it’s so important to secure each connected device you own. Your privacy and your safety are at stake.
Securing Your IoT Devices
The good news is, there is a lot you can do to protect your privacy while using these devices. Start by making sure the network you’re using is secure.
- Change the default administrator password on your internet router or wireless access point to a new, strong password (at least 16 characters, containing numbers, letters, and symbols if allowed). Instructions for changing the password should be available on the manufacturer’s website or through your internet service provider’s website.
- Change the default name of your wireless network (called the Service Set Identifier or SSID) to something you can identify, but that gives no clues to others about your identity or location.
- Enable your router’s Wi-Fi Protected Access, also known as WPA2 (or the recently introduced WPA3), which encrypts the traffic on your Wi-Fi network, protecting it from prying eyes. If your router only offers WEP or WPA, it’s time to upgrade.
- Create a guest password if allowed to avoid sharing the administrator password with visitors.
- Enable your router’s firewall, if available.
- Make sure your router’s firmware is up to date.
- For more advanced home network security protocols, check out this article from PCWorld: https://www.pcworld.com/article/3093362/how-to-secure-your-router-and-home-network.html
Away from home:
- Public Wi-Fi networks such as those offered at restaurants, doctor’s offices, hotels, and airports are inherently unsecure; after all, if you can connect to them, so can everybody else. As much as possible, avoid connecting to public Wi-Fi networks.
- Make sure your device is set NOT to auto-connect to Wi-Fi.
- If you must use Wi-Fi on your mobile phone or tablet, make sure you are connecting to the establishment’s official network (cybercriminals are known to set up fake networks to capture data) and use a virtual private network (VPN) service for an added layer of security. Also ensure your device has anti-malware protection in place.
On the device:
- Change the default username and password to a new, strong password.
- Once the device is connected, update to the latest software and firmware.
- If you can change the name of the device as it appears on the network, do so. Cybercriminals know which devices are vulnerable and will scan networks searching for those names.
- If the device offers additional security features, enable them.
- If the device offers no security features, don’t use it.
- Be mindful of the information you share with your device. Is it always recording or always listening? Does it ask you to input data? What would be the consequences if a hacker accessed the information?