#NCSAM: How Can Consumers Boost the Security of IoT Devices?
…individuals should proactively try and seek out vulnerability forums online and regularly assess whether exploits and vulnerabilities have been exposed in the media
Daniel Norman, Senior Solutions Analyst at the ISF
The global surge in home-based Internet of Things (IoT) devices seen in recent years should be a cause for celebration. Essentially electronic devices that connect wirelessly to a network, they have undoubtedly enriched the lives of many people; common examples include smart watches to monitor heart rates and breathing, smart refrigerators and TVs and virtual assistants. For many, this offers convenience in their everyday lives, but for others, such as those living with disabilities, they can be life-changing.
It is currently estimated that the average US household has more than 10 devices connected to the same Wi-Fi network, while the total number of IoT connections is predicted to reach 83 billion by 2024, up from 35 billion in 2020.
Jamie Randall, chief technical officer of IASME, said: “Most attacks against IoT devices take advantage of basic security issues, such as default passwords and device software which hasn’t been recently updated. In particular, there has been a rise in malware focussed on IoT devices such as the Mirai and Mozi botnets which initially targeted routers but expanded to other devices such as internet-connected cameras.”
Taking the following actions will go a long way in reducing the risk of IoT cyber-attacks occurring.
Undertake Product Research
Daniel Norman, senior solutions analyst at the Information Security Forum, suggested that consumers should also ensure their products come from manufacturers which automatically update or patch devices, and “if this is impossible then individuals should proactively try and seek out vulnerability forums online and regularly assess whether exploits and vulnerabilities have been exposed in the media.”
A further step consumers can undertake at the pre-purchase stage is to discover whether the manufacturer in question is adhering to certain security standards. Norman added that many IoT manufacturers are now making this kind of information available on their product’s packaging.
Changing and Updating Passwords
To maintain high password security, consumers should get into a habit of repeating this action regularly. Heather Paunet, senior vice-president of product management at Untangle, explained: “Changing your password every 15 to 30 days may seem like a chore, but keeping your network security fresh will also keep those devices connected to this network safe as well. Changing your password to a complex arrangement of numbers, letters and symbols will ensure that criminals trying to hack into your network cannot easily guess the combination and gain access to the data from your IoT devices.”
Keep Tabs on External Devices
When friends and family come to visit, they will often connect personal devices to that new home network, which can potentially compromise it if their device has already been hacked. Pautnet therefore recommended: “As you are making password changes, also audit the devices that are connected to your network. ‘Forget’ any device that will not be regularly connecting to your network to ensure that your device list is clean.”
“Do Your Part. #BeCyberSmart”