How to safeguard IoT gadgets at home
Chathurika Kahavita, Computer Realm
on 24 Apr, 2019
Could your smart fridge spy on you?
Smart speakers, CCTV cameras, smart thermometers, and even smart bulbs—our homes are now full of digital gadgets. The term “IoT” refers to all these internet-connected domestic items.
Sure, these gizmos make our lives convenient. However, the smart speaker in your living room could also give away personal, sensitive information about the family without your knowledge.
Cybercrime is on the rise, naturally, as we become more reliant on digital devices. And IoT home devices are particularly vulnerable to attacks.
It’s not just the garden variety hacker you would have to worry about. The companies that produce these gadgets don’t design them with your privacy in mind. Remember when Amazon’s Alexa recorded private conversations and sent them to random numbers on the owner’s contact list?
As most of us can’t live without our smart speakers and smart security systems, let’s look at how we can keep them secure from cybercriminals and accidental privacy snafus:
Change factory set passwords
Some types of connected devices, like modems and routers, arrive in the package with a password already installed. This factory password doesn’t actually make the device secure. In fact, a hacker can easily gain access to the factory password.
Consider the factory set password a placeholder. You should immediately change it the moment you start using the new device. Otherwise, anyone who previously had access to the factory settings password can access your device.
Learn to come up with good passwords
It’s easy enough to use 123 as your password. The problem is, simple passwords are easy to guess. Not all hackers gain access to devices because they are IT whizzes. Some simply guess passwords.
You should make your passwords as un-guessable as possible for an outsider. Use random strings of numbers and letters to create passwords. Then write it down somewhere so you don’t forget.
Use different passwords for different devices
Don’t reuse the same, or even similar, passwords across the many cloud-based gadgets you own. If one device is compromised, it could put all other devices at risk. Getting rid of careless habits like this is essential for keeping your home network secure.
Upgrade your router
There is an easy way to tell if the router at home is any good. Did you receive it from the ISP as part of the internet package? Did you purchase your router at a popular electronics shop?
If your answer to either of the above questions is a yes, then your router is probably not all that good.
There are serious security vulnerabilities that come with commercial grade consumer routers. Brands sell millions of these to unsuspecting customers. As a result, these ISP-provided routers are highly desirable targets for hackers and spy agencies.
But that’s not the worst part. Consumer routers have a feature called Wi-Fi Protected Setup (WPS). The point of WPS is to make the router easy to access. It’s so easy, that anyone can access the router by entering a PIN number that’s printed right underneath the device.
Anyone— including your housecleaner, plumber, or neighbor—can access your router with this PIN number. Remember, there’s nothing to stop someone from snapping a picture of the PIN and posting it online.
Security experts recommend ditching consumer routers for commercial-grade products intended for small businesses. These routers are not as popular and have better security features. You can use a site like computer-realm.net to browse for good routers.
Turn off universal plug and play
Universal plug and play, or UPnP, is a seemingly innocent feature in your home network router or modem. It allows gadgets connected to a network to discover each other.
UPnP, however, has no security features whatsoever. It will work fine with a local network like the one in your home. But once it gets connected to a cloud service, you are vulnerable to getting hacked.
You can’t upgrade UPnP, but you can disable the feature in your local router or modem. And you should do it quickly.
Enable encryption features on devices
Data encryption makes it fundamentally impossible for cybercriminals to decipher sensitive information. Encryption doesn’t thwart hacking attempts. But it can prevent your data from being stolen.
Most modern connected gadgets have some form of encryption. But users have to enable it manually. For example, modems have WPA2 wireless encryption to protect data. However, the encryption is not enabled by default.
Similarly, your smartphone, tablets, or even smart TV most likely will have encryption options. Go to device support online and find out how to enable encryption features to safeguard your data.
Keep device software up to date
Firmware updates allow manufacturers to install software patches in case a security vulnerability is detected. Some devices, like your smartphone, can auto-update security fixes. On the other hand, the router, the smart light bulbs, or the smart fridge might not.
If auto update features are available, enable them on all your devices. If not, set up the device so you get alerts for newly available firmware updates. Then you can immediately update your devices on time.
Connected devices have never been more vulnerable to cyber attacks. Homeowners should not underestimate just how hacking-prone connected devices are.
According to some estimates, consumers don’t secure connected devices because they underestimate the type of data the gadgets collect. Remember, even your smart meat thermometer collects data about you.
Don’t expect the manufacturers of connected devices to be forthcoming about data collection. The consumer can regardless be vigilant in usage. There’s little you can do about a brand collecting at least some of your personal data. But you can do a lot more at home to protect your IoT devices and the sensitive data stored in them.