Are Your Connected Devices Making You Vulnerable?
We recommend you spend this weekend updating your devices!
If you’re in the developed world, you’d agree that the Internet of Things (IoT) has begun pervading most realms of life — be it add-ons for your phone, your fitness tracker, your command modules like Amazon Alexa, your smart TVs or your home refrigerator or thermostat.
There is one common underlying factor in all of these — internet connectivity. And you’d agree, the moment something’s on the internet, there’s risk. If you’re one of those who disagrees, well, I hope you’re right, or have taken measures to protect yourself. I’m about to tell you some stuff that has people worried. So do heed their advice!
With connected devices, our world can be in the palm of your hands — If you have a smart refrigerator by Samsung that can take pictures of the contents inside the refrigerator each time the door is closed, you’re probably leveraging the convenience it was created for. The next time you forget something important that your mom mandated you to buy on your trip to the grocery store, you know what to fall back on.
You could be checking temperatures from a smart thermometer on your phone.
Or you could be using Amazon’s Dash — the small, Wi-Fi connected devices that order various products just by the press of a button.
Obviously, these are all part of the Internet of Things. But are they that innocuous?
While you get the world’s convenience at your fingertips you also inadvertently expose some data about yourself that you would not have really want to.
The potential threat is already alarmingly high, as more than 6 billion devices (as per one Machina Research analysis) are now connected via Internet of Things technology.
Some of the people we spoke to discarded the theory — asking the standard “Who would want to pry on my seemingly mundane data?”
Quite a few people, apparently!
There already are documented incidences of some of these connected devices being manipulated by hackers, and becoming virtual hosts that can carry out attacks on all your sensitive data. And these are rising exponentially.
Leonard Kleinrock, a UCLA professor of computer science claimed in this regard, “Security has not been a prime focus on many devices and organizations that put these out helter skelter. … In many cases they’re not adjusting to security concerns”.
Last year, devices saddled by hackers, were able to shut down the central heating and water systems at two apartment buildings in Finland. In another case, researchers also found nine types of internet-connected baby monitors to be vulnerable, as the researchers were able to access live video feeds, change camera settings and copy video clips stored online.
The major concern in view of this issue is the supposedly inexorable cyber warfare.
Hackers find it unbelievably easy to hack into low priority, mundane devices like your refrigerator, thermostat, child monitors, etc. to enter into your home network, from where they have a relatively free hand to snoop around without raising any alarms.
What makes these devices so vulnerable to hacking is the mere fact that most consumers are lazy enough to not change the password on their devices and often stick to the default passwords.
To quote William Webb, a Fellow at the Institute of Electrical and Electronics Engineers and CEO of Weightless SIG, a nonprofit standards body that looks at issues surrounding IoT connectivity, “The obvious answer is to change the password [but] I think it’s unreasonable by and large to expect users to change passwords on cameras, toasters and scales”.
Change the default password on all your devices right now!
This first step though arduous, will go a long way in keeping your world to be safer from hacking.
A lot of people remain unaware about the fact that in order for an IoT-enabled device to function properly, it needs to remain powered at all times. This might look insignificant but having a device that is on the entire time, and has to go through only a one-time authentication, makes for a perfect recipe to attack your device.
The long and short of this then is that you should always unplug devices when not in use. Also, to prevent any weak spot in device security, you need to ensure that all the latest software updates are installed onto your various devices.
So that’s step 2.
I know all this sounds mundane, but really, have you done both the above, for each of your devices? If you have, then it must be a lonely spot on the top of the hill, because most folks do not actually change passwords or update their devices most times.
The whole hype here about the risk attached with IoT devices might seem a little overestimated but we certainly have numerous research papers and facts to back what we say.
A team of researchers at Microsoft and the University of Michigan recently spotted a set of let-outs in the security of Samsung’s SmartThings smart home platform, and the methods were nowhere near complex! Another team of researchers have been able to bypass into real, on-the-market devices and control them, which clearly implies that the hackers won’t face any difficulty in imitating what the researchers did.
The setback with most IoT devices is their limited computing capacity, in fact,”most of the IoT devices were not designed with serious protection capability, and so are susceptible to attack”, said Kleinrock, who was influential in the development of Arpanet.
Kleinrock added, “These devices were designed to minimize the processing load and memory usage. They usually don’t have the additional processing power needed to carry out the extra load for security protection”.
The current scenario, however, leads us to the inference that there is a need for device manufacturers to get very serious about protection. “We may need to wait until a new generation of these devices … replaces the existing generation. The rub is that many of them are designed to remain installed for a decade or more”, Kleinrock said. “At the same time, we need to address this growing threat now that it has been exposed”.
Final words:
Every user needs to put in some effort and do their homework — you need to take a look at the device’s capabilities and to ensure that the device has adequate security measures in place to keep it secure prior to purchase, and definitely before you install it or include it into your life.
Take our word for it — personally identifiable information is crucial to keep secure and secret. What’s a few hours of effort in a year, compared to the heartburn and insecurity?
Spend this weekend updating your devices!
Originally published at Chip-Monks.
