5 ways to protect your smart devices from cyber threats
By: Yelekal Mengistu
Are Smart Home devices dangerous?
In recent times, there have been reports of a series of hacks into people's smart devices. These hacks have raised a red flag among the smart home community. If there is actually a security risk, how do you counter it? How much does it compromise the safety of your home and your personal privacy and those in the house? And what steps are being taken to make current and future smart devices impregnable to cyber attacks?
In this article, you will find the 5 steps we have devised to shield yourself from those types of attacks.
History of cyber attacks
Cyber attacks are nothing new. They have been around ever since the late 80s as computers got more and more sophisticated and networks using the internet grew heavier. The first of such attack happened in the state of New York in 1988, a graduate student from Cornell University named Robert Tappan Morris was conducting a research. He wanted to know how vast the internet usage was.
To give you perspective, the estimated internet user at that time was about 6 million. In order to achieve his objective, he created a program that would 'crawl', just like a worm, on every computer that was using the internet. The so called 'worm' would attach itself to a computer giving Morris a head count of all the users.
This experiment to deduce the vastness of the cyberspace had some complications however. The program that would crawl the web was morphed into a virus that started to duplicate on every computer that it came across. Worryingly, it also affected the computers that had already installed the program, which made the virus even more potent.
Morris had diligently created a command that would force the worm to install itself one out of seven times, probably aiming for accuracy we believe. With each duplication, the attack got more sever. By the end of it, approximately 6,000 computers were destroyed and an estimated repair cost of up to 1 million dollars was factored in repairs. That sum was huge in 1988, adjusted to inflation, we're probably looking at $10-$100 million.
Viruses cripple computers, they attack their internal infrastructure and disrupt the normal network traffic effectively overwhelming it with a considerable sum of internet traffic. This type of attack is called a DDoS or distributed denial-of-service.
Other DDoS attacks have manifested ever since, most notably the 1995 'Win-a-Porsche competition' rigged radio completion, the 2008 cyber attack on the Church of Scientology where more than 500 DDoS attacks were reported and most recently, Equifax, a large U.S Credit bureau had its database hacked where the private details of 143 million user accounts were exposed. Data like social security numbers, birth dates, physical addresses, driver license's and even some credit card numbers were leaked.
Now how does all this tie into smart home devices? Well what we call smart devices are powered by what's called the Internet of Things (IoT).
Cyber attacks date back to the late 80s
IoT: The Internet of Things
Matt Burgess, a columnist for wired.com, describes IoT encompassing 'Everything connected to the internet'. Indeed, as simple as that sounds, that's what IoT represents: a series of devices connecting with one another to deliver action.
Think of it this way: we have smart devices, they are linked with networks and what they transfer is data that in turn helps us give the specific commands. Most physical devices can be transformed into an IoT device. All that's needed is a chip powered device with internet protocol (IP) address so that it can communicate with another IP identifier owning device. Basically, an IP defines a set of standardized rules that are necessary for the communication of two devices to occur.
Having said that, smart devices are more complicated than ever. Yet they abide by these rules otherwise the laws do not permit for an IoT operation.
The term IoT was coined by Kevin Ashton, a pioneer in the technology sector, back in 1999. He understood that there was possibility to use an already existent technology called RFID or Radio Frequency Identification that identifies specific objects collecting data and transmitting those data. This system of data storage was pivotal in the establishment of device connectivity.
While its applications were primarily aimed at the industrial level, IoT is playing a pivotal role in the expansion of smart consumer goods. Take for instance light bulbs, a decade or so ago, they were just an accessory to your household. Break one and you can replace it the next day, inexpensive and mundane. However, with the power of IoT, its functionality has changed.
Now if we look at the weak spots of the IoT process, we can refer back to the DDoS hit of 1988. As our smart light bulb from our example communicated with another device, i.e our smart phone, it's revealing its IP address, thereby revealing critical information about itself.
It all starts at the point of set up when the device is installed on the home network. Most of us relinquish vital data about ourselves, our network in order to progress in the installation phase. This creates a soft entry point that is easily identified by hackers.
Zak Doffman is a contributor for Forbes. On his recent column “FBI Issues ‘Drive-By’ Hacking Warning: This Is How To Secure Your Devices” , he cites a 'gaping hole in [our] online security'. His worry is in direct correlation with the emergence of Internet of Things. Doffman makes the point of a common firmware when setting up smart devices. Apps that live in our phones have the same settings structure and most of the time, we tend not to pay attention to 'app permissions', taking the security measures for granted.
But by far, the biggest access point seems to be when 'IoT platforms look to the outside world for firmware updates and to your home network to interact, [thereby] a risk is created.' Most recently, some users of the famous alarm door system Ring have reported numerous breaches whereby hackers were able to access the speaker intercom inside the devices, speaking directly to the owners. A big concern is, what's next. First the intercom and then what, the secret combination to the front door.
Clearly, these attacks have put the whole idea of IoT powered devices usage into perspective. Reality is, the threats will always lay around but there are ways to mitigate them.
The Ring Door Alarm has been criticized recently due to numerous cyber breaches
It should be known that, buying a smart device isn't necessarily inviting a stranger to your home. Believe it or not, many manufacturers have built in security systems that are, however vulnerable, used to ward off viruses and potential threats. However, there are constant ramifications of these threats and that is way steps are being taken to put out preemptive strikes.
Norton is a household name in anti-virus and cyber security space. It has been for many years now so it comes as no surprise that it has put out a list of 12 prevention points for your IoT devices. But before we get into them, two main reasons are pointed out for potential breaches. First one as discussed is the lack off or weak security measures implemented into the IoT devices (Clearly, as we mentioned above). The second one being your router. Malware such as VPNFilter can attach itself to devices connected to the router and make it inoperable. By getting access to the flowing internet traffic, your critical information such as your password can be exposed.
Companies focused on cyber security like Norton are issuing security measures to combat threats
Although 12 have been cited, here are the 5 mention able prevention points from Norton:
- Using a strong encryption method
Wifi networks have an encryption method that in layman's terms 'encrypt' the information that is exchanged over a wireless network. The best wireless protocol these days is WPA2. It is the first and usually last line of defense in protecting your home network. The WPA2 will ask for a code or a password when trying to access the network. Your router will usually be set, by default, with the more weaker and outdated WEP protocol. You can upgrade to WPA2 settings by going to the router manufacturers' website and downloading the latest firmware. Apply those WPA2 setting on all Wifi devices.
- Set Up a guest network
Each router brand has its own guest network creation step-by-step. Easiest way of doing this is by entering your router model and brand name and adding a 'How to set up…' and the rest will just be following instructions. Having a guest network will allow you to create separate access for visitors, friends, and relatives. This network will not tie in into your IoT devices network keeping you safe at all times.
- Change default usernames and passwords
When setting up your IoT devices, make sure to change the default usernames and passwords that are provided by the manufacturer. In most cases, cyber attackers have already built a comprehensive list of of many default settings on most IoT devices. To this end, it's best to always buy a device that let's you change its factory credentials.
- Act fast when updates are available
Whenever an IoT device manufacturer sends a notification for an update, make sure to download it ASAP. The update might contain a security upgrade, perhaps in response to a recent data breach or it could just be a preventive measure. It is equally important for protecting your mobile phones since they are the ones which carry the apps on which the data is loaded. Sensitive information live on that small piece of hardware, keeping it extra safe should be a priority.
5.Add Two-step Authentication
Having a two-factor authentication ensures an extra layer of security. Taking this measure enables you to get a temporary pass code that is usually sent to your cell phone. An authentication can be considered as a verification process whereby a fact or a truth is required: password, date of birth, driver's license number. But the next step of generating a pass code is the primary source of authentication.
Amongst the plethora of security measures that are promoted to keep your IoT devices safe, these listed above hold great emphasis. Nevertheless, all possible steps are advised no matter their degree of shielding strength.
The threat on smart home devices is real. IoT powered devices find their vulnerability in their innovative design and complicated operations. One can assume that when a strata of complexity is added, the security measures followed suit. But that's not how things work.
History shows that, networks that are connected through the internet are prone to cyber threats. Over the course of time, these threats have come in different shapes and sizes. Slicker and more refined versions of the original viruses have caused havoc on multiple systems. Now the fear of being vulnerable has crept into the smart home users and it was never in doubt.
Incidents like the Ring breach is prompting the revision of the compromising software in many IoT devices. Vital information like your door pass code might be available to those trying hard to get into your home.
However dire the situation, these security weaknesses are few and given the scope of the smart home community, they represent a small scale of users.
Nevertheless, anticipating cyber piracy is nothing new. Extreme measures are and will be taken within the future. Thankfully, those on the defending side like Norton are familiar with cyber warfare. Their experience in the field is aiding to the survival of the smart home community.