5 Tips for Securing IoT Devices

This week, Google announced that its Internet of Things (IoT) platform, Android Things, is officially out of beta mode. Android Things provides hardware and software developers with all the necessary SDKs to build IoT devices.

Smart Home Safety

The company has partnered with hardware manufacturers, offering developer kits and a developer console designed for managing devices and pushing over-the-air updates to both prototype and production devices. This is exciting news for developers interested in building connected devices, and companies are already jumping in with new products for the platform, including Google with their launch of Smart Displays for Google Assistant.

Microsoft also announced open-sourcing for Azure IoT Edge, a product suite that allows companies to run AI and Azure services without connecting to the cloud.

Microsoft first unveiled IoT Edge at last year’s Build Conference to help it keep pace in the edge computing market for IoT devices. The latest update allows any customer to use the service, helps them modify it with little hassle, and makes it easier to detect and weed out software bugs.

These two huge companies aren’t the only ones shifting attention to building IoT devices, and general growth in this market is nothing new. IoT devices offer many features that make life easier and more convenient, and businesses can easily monetize them.

IoT devices are in our homes, cars, workplaces, and pretty much everywhere; pumping information through the web to manufacturers, developers, and anyone in the world. With such a huge jump in these interconnected devices, security threats have also spiked.

According to Symantec’s 2018 Internet Security Threat Report (ISTR), the total number of IoT attacks grew 600% between 2016 and 2017. Yet the public seeks convenience and is willing to give up privacy and personal data to get it. (Again, what else is new?)

The question stands:

How do we as tech-savvy citizens of the digital world jump on the smart home/smart world bandwagon without getting burned by hackers or having our personal data sold without permission?

The simple answer: be smart. Knowledge is power, therefore knowing what threats already exist and how to combat them is the best way to arm yourself in the age of personal data exploitation. Here are the basics…

Cybersecurity & IoT

An FTC report details that fewer than 10,000 households can create 150 million data points with IoT devices every 24 hours, with each datapoint acting as an entry to your wifi and data. While most reports of hacked devices seem to be on a low-frequency level, like smart refrigerators and baby monitors, the likelihood of being a cybercrime victim increases as IoT devices become more commonplace.

How many families now have Alexa or Google Assistants? Do you use Logitech Harmony Hub for home entertainment devices? Have A Nest or Smart Door Lock? Smart Toys for your child? Smart Car? The list of potential break-in points goes on…

In addition, more money-making IoT attacks are being explored, such as cryptocurrency mining or ransomware attacks on point-of-sale machines, medical equipment, or vehicles. If a device is connected, it can be compromised, and not just by hackers. Some of the most dangerous side-effects from smart devices come from the manufacturers and developers who gain capital from your data.

With all of this in mind, what is the solution? While there is no current fix-all, we have compiled a few best practices to help keep you and your smart devices safe:

How to Protect Your IoT Devices

1. Read the Terms: Let’s be real, do you know anyone who reads the terms of use before downloading an app? Most likely not. Users of all ages blindly accept use terms for apps and devices, unknowingly putting themselves at risk. To safeguard your privacy, you need to understand what apps and devices do and use exactly. Many apps and devices do not need personal information to work, and you might be able to opt-out of revealing your personal data. The only way to know is to invest the time and research into what kind of apps and devices you are using.
2. Segment your Network: Create an encrypted Wi-Fi network that is devoted exclusively to IoT. Make sure that each device you have that is IoT-ready has a unique and highly secure password. Just to be safe, make sure your home network is using passwords that are changed every 30 days and that you have robust virus protection and firewalls. A VPN doesn’t hurt either.
3. Update Firmware: An IoT device has software embedded on it called firmware that may be susceptible to exploitation if not regularly updated and patched. To keep your IoT devices secure, you should register each of your devices for any automated firmware updates that are offered by the manufacturer.
4. Turn off IoT devices: The malware used in some recent cyber-attacks is stored in memory and can often be erased with a power cycle. Accordingly, you should turn off any smart devices when they are not in use, such as video cameras and devices with microphones that can be compromised and used to invade your privacy. IoT devices that are in regular use like thermostats should be restarted periodically.
5. Avoid Public WiFi: Pay attention to mobile device security. When remotely checking your IoT devices from a smartphone or tablet, it is generally good practice to avoid using public Wi-Fi networks that are not password protected. Insecure connections can make your IoT device vulnerable to hacking.

Smarter use for smart devices is the best, and sometimes only, way to protect your personal data. As the IoT grows, users will have to grow and develop security plans accordingly.