Keeping the Internet of Things secure
In homes up and down the UK, Christmas Day would have seen an Internet of Things device being unwrapped under the tree.
From Google Assistants and Ring security systems to internet-enabled bathroom scales and fitness devices, our homes are slowly filling up with electronic gadgets capable of going online.
The sudden proliferation of hardware able to upload and download data through our wireless routers is undoubtedly cool and exciting – a glimpse into a fully connected future.
Yet it’s also a major security concern, with few consumers really understanding the implications of hooking up gadgets and gizmos to their home broadband connections.
But before we analyse Internet of Things security in depth, it’s important to define what the IoT actually is.
Internet 2.0
Last May, we published an article which defined the IoT as “the networking capability that enables everyday devices to send and receive data via an internet connection.”
This process happens automatically, when an alarm system detects motion or a smart speaker hears its name.
A two-way conversation immediately begins between the IoT device and a remote server or computer, enabling it to perform its job.
Examples include voice-controlled appliances, smart gadgets and machines you can control through an app.
Sold secure?
If this technology is to succeed in its aim of making our lives better, Internet of Things security must be paramount. And at the moment, unfortunately it isn’t.
Most IoT-enabled devices upload information across WiFi networks, which are often protected by default passwords and easy-to-guess admin credentials.
From security systems to smart speakers, this treasure trove of personally identifiable information (PII) would be manna from heaven to a criminal.
Someone with basic eavesdropping technology could sit outside a connected home and pilfer huge amounts of sensitive PII without the victim realising anything was happening.
And at present, there are no industry-wide Internet of Things security protocols.
That’s resulted in a patchwork quilt of encryption and security measures, with varying degrees of effectiveness.
Many IoT devices are cheap to buy, and designed for easy installation.
Complex security features are unappealing to less tech-savvy consumers, and they could adversely affect battery life.
A variety of solutions may ultimately be required, from digital certificates and SSL encryption through to improved WiFi security.
In the meantime, anyone reading this article with security concerns should take the following basic precautions:
- Change the username, admin name and password on your broadband router – the gateway between IoT devices and the wider world.
- Activate the highest security settings on any IoT devices around the home as a matter of routine, replacing default passwords like ‘123456’.
- Install updates. Software systems are periodically revised to counter known threats as they emerge, so always update devices when prompted or invited to.
- Avoid accessing IoT devices over insecure networks. Public WiFi in coffee shops and hotels is unsuitable for accessing confidential information like home security equipment.