How to secure smart home Internet of Things devices from hacker attacks

4 practical and hands-on IoT security tips

Picture: Steven Cooper, Flickr.


More than 8.4 billion internet connected devices are estimated to be available in 2017, and Gartner estimates that number will reach 20.4 billion by 2020. In 2017, the consumer sector represents 63 percent of all devices in use, or 5.2 billion units.

Security researchers have long warned of the dangers of smart, yet inherently vulnerable, sockets, lightbulbs and other IoT devices attached to the home network. Users risk losing much more than just access to the device itself. They also risk affecting other devices sharing the same network. Leveraging a single vulnerability in a smart TV or any smart device, attackers could move laterally across home networks to compromise laptops, mobile devices, and even personal and private data stored on network-attached storage sharing the same home network as the vulnerable IoT device.

Securing your Smart TV

Smart TVs are now mainstream, making their way into every household. While the average user might not look at it as a “smart device,” the TV has internet connectivity and an operating system and it’s just as likely to be exposed to threats as a smart phone or tablet. With ransomware infections hitting smart TVs, the average user needs to not only install a security solution, but also perform regular firmware updates to make sure no known vulnerability remains unpatched.

Six out of 10 US users report no security option on their smart TVs, yet the smart TV is among the top 5 internet-connected household devices, alongside the smartphone, tablet, laptop and desktop. Because smart TVs have browsing capabilities and allow installation of applications from both trusted and untrusted sources, users are strongly encouraged to install a security solution designed for smart TVs running Android.

IP Cameras and Baby Monitors

While smart TVs support security software, other smart devices – webcams, baby monitors, IP cameras – allow no such option. Security researchers have often found that attackers could easily gain remote access to them by leveraging internet-facing ports and services (e.g. telnet, SSH) or by exploiting unpatched vulnerabilities in their firmware.

Some of these devices run outdated firmware versions, and users are never notified of newer ones that fix serious security issues. There’s also the risk that the cloud service provider responsible for storing your video feeds is not focused on data protection and privacy, or simply does not use encryption both in transit and at rest. The latter would be unfortunate, as anyone performing a man-in-the-middle attack could access what your camera is recording or even seize control of it and start talking to your children.

It’s usually up to individual users to change the default passwords as soon as the devices are purchased, block remote access ports on their routers, and even connect the devices to separate Wi-Fi networks so that no critical devices are affected in case of a vulnerability.

Smart Light Bulbs and Switches

Today’s smart home also includes smart light bulbs and light switches that require Wi-Fi connectivity to allow remote control. They face the same problems as other smart devices, namely a lack of security and firmware updates and remote connection vulnerabilities, which leaves the average user with only a handful of security options. One is to research the security features of such devices and make sure manufacturers are trusted and have a policy for fixing reported security issues. It’s also highly recommended to change default authentication passwords upon purchase, as there are online search engines – Shodan for example – that crawl the internet for IoT devices with default credentials, allowing attackers to easily access them remotely.

Why All the Fuss About IoT Security?

Traditionally, security has been all about laptops and smart phones, as their adoption and market share turned them into ripe targets for attackers. However, since IoT devices make their way into every home while sporting little to no security features, they become easily exploitable gateways that attackers can use to compromise the entire home network, not just a single device. Traditional security mechanisms don’t apply to IoT devices because, unlike other operating systems, they don’t support installing any additional software.

Consequently, IoT security should include two distinctive and powerful technologies that offer both anti-malware scanning capabilities and IoT vulnerability assessment. Sitting at the gateway level, an IoT security solution should make sure that traffic entering (or exiting) your network is not malicious or malformed, blocking malware and phishing pages in traffic, ensuring that they don’t reach the target device. The Vulnerability Assessment module should regularly probe devices connected to the network for outdated, vulnerable firmware, as well as misconfigurations (e.g. open Telnet or SSH ports that are reachable via Internet, poor passwords, known exploits against the device, etc.). Once the Vulnerability Assessment module finishes scanning local devices, it should display a comprehensive report with the identified flaws (if any) and outline steps to be taken to mitigate them.
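The checks the Vulnerability Assessment module is described as performing, as an added example (not code from this article or from any vendor's product): each device in an inventory is tested for reachable Telnet/SSH, a default password and outdated firmware. The inventory fields, addresses and the simulated probe are constructed for illustration; `tcp_probe` is the real check to use against devices on your own network.

```python
import socket

# Remote-administration services the article names as common exposure points.
RISKY_PORTS = {22: "SSH", 23: "Telnet"}

def tcp_probe(ip, port, timeout=0.5):
    """Real check: True if a TCP connection to ip:port is accepted."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def parse_version(text):
    """'2.10.1' -> (2, 10, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def assess(device, probe=tcp_probe):
    """Return the list of findings for one device in the inventory."""
    findings = []
    for port, service in sorted(RISKY_PORTS.items()):
        if probe(device["ip"], port):
            findings.append(f"{service} open on tcp/{port}: disable it or block it at the router")
    if device["default_password"]:
        findings.append("default password in use: set a unique one")
    if parse_version(device["firmware"]) < parse_version(device["latest"]):
        findings.append(f"firmware {device['firmware']} is older than {device['latest']}: update")
    return findings

# Constructed inventory; addresses are from the 192.0.2.0/24 documentation range.
INVENTORY = [
    {"name": "ip-camera", "ip": "192.0.2.10", "default_password": True,
     "firmware": "1.9.3", "latest": "1.10.0"},
    {"name": "smart-bulb", "ip": "192.0.2.11", "default_password": False,
     "firmware": "2.0.1", "latest": "2.0.1"},
]
# Constructed probe results standing in for the network, so the demo runs offline.
SIMULATED_OPEN = {("192.0.2.10", 23)}

def simulated_probe(ip, port):
    return (ip, port) in SIMULATED_OPEN

def report(inventory=INVENTORY, probe=simulated_probe):
    """Map each device name to its findings (empty list means nothing flagged)."""
    return {d["name"]: assess(d, probe) for d in inventory}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "->", findings or "no findings")
```

Calling `report(my_inventory, probe=tcp_probe)` runs the same checks with live TCP connections instead of the simulated results.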

Practical and Hands-on IoT Security Tips

1. Research! Research! Research!

Before purchasing any household IoT device, research its capabilities, the way it handles the data it collects, and whether the manufacturer has a strict security and firmware update policy in case vulnerabilities are publicly disclosed. Besides being practical or offering interesting features, an IoT device needs to first and foremost be secure and handle your private data with care.

2. Change Default Passwords

The first thing everyone should do when connecting a new IoT device to their home network is change its default password and replace it with one that’s at least 8 to 16 characters long and contains uppercase and lowercase letters, numbers and special characters. There’s an IoT search engine out there – Shodan – that specifically looks for internet-facing smart things that have default or no passwords.

3. Network Segregation

It might seem like a bit of a hassle, but setting up a separate Wi-Fi network just for IoT devices makes a lot of sense in terms of security. If one vulnerable device is breached and remotely controlled, at least other mission-critical devices around the house (e.g. laptops, network-attached storage, etc.) will not be affected or compromised.

4. Firmware Updates

Just as you look for and install security and operating system updates on your laptops or mobile devices, the same should hold true for IoT devices. Sometimes manufacturers push security updates and fixes that prevent attackers from easily taking over your devices and using them against you.

Bogdan Botezatu is Senior E-Threat Analyst at Bitdefender


Bogdan Botezatu

PC World