Here’s What You Need to Know about the Internet of Things
You might have heard of the term the ‘Internet of things’ or you may have read it in one of the tech-related blogs you follow, but what exactly does this term mean? And why is it especially important to understand for regular folks like you and me these days?
The Internet of Things (IoT) is an internet created not between individual users (persons), but among interconnected “smart” devices that share data with each other. The term IoT is often used to label any smart device in homes that can access the internet but was not intentionally created for this purpose.
Here’s What You Need to Know about the Internet of Things
You may not know it yet, but we’re already living in a society built on the internet. Anything that has been embedded with a processor and a bunch of IoT sensors becomes a “smart” tool or device (i.e. home appliances).
However, there are certain limits to what these smart devices can do. And while the concept of IoT has been around since the mid-90s, it was only towards the end of that century when the first “smart” device (an internet-connected soda machine that can go online to check if it had any drinks on it before it can be restocked by its supplier) was introduced. And more recently, interest in IoT devices has grown rapidly due to access to smaller and more powerful processors, as well as the opportunity to integrate them into our daily lives through smartphone apps.
Here are some examples of IoT tools and devices:
- An oven you can set to preheat from your smartphone even when you’re outside.
- A refrigerator that can restock itself by ordering items that are almost out.
- A baby monitor you can check from work or outside.
- A thermostat you can control to cool your home as you head back after a long hot day.
- A pacemaker than can gather biometric data to be sent to your doctor for monitoring.
These are just a few examples on how the IoT is being integrated into our daily lives. Not just that, other industries and even the government use devices that can be considered part of IoT, depending on who you ask. Examples of these would be manufacturing equipment, water treatment facilities, or even remote-controlled mining machineries.
As of now, the IoT industry is considered to be on its infancy stage, relatively speaking, as manufacturers are still trying to figure out what people need IoT devices for. Not all IoT devices will necessarily become helpful, but almost all of them will pose some level of cyber security risks.
What are IoT-related cyber security risks?
At present, IoT devices are ideal sources of cyber security vulnerabilities. Here are a few reasons why:
- Most manufacturers do not put much thought on the security side of things. In the process of rushing the development of IoT products for market consumption, security takes lesser priority compared to functionality and aesthetics.
- IoT security is not so simple and easy to implement. Even if manufacturers aren’t rushing the development of their products, security features can be hard to lay down when it comes to IoT devices. This is mainly because of the technical limitations of the materials they’re working with. Programming the device is a whole lot different from programming the program’s user interface (UI), where all of these are being integrated in a relatively commercialized and low-powered platform. This only means that there will be limited computing power allocated for encryption, decryption, and other technical processes required to set up substantial built-in security features.
- Many IoT platforms are distributed with default logins. Instead of setting up each device ready for shipping with individual username and passwords, manufacturers opt to simply assign default ones for each only because this is much easier on their part (e.g. admin//123admin.) And even if these devices come with instruction on how to set up or change the default password, chances are most users still don’t do it. Given this scenario, hackers can easily log into these devices once they identify an unsecured device as explained in the next point.
- There is a search engine or database for IoT devices. You probably may not have heard as much of Shodan as with Google, Bing, or Yahoo. But this is a special search engine that specifically locates IoT devices all over the world. If you know what you’re looking for (i.e. technical specs or parameters), with even just simple terms like “webcam”, Shodan will come up with thousands of hits for your search. If the device you’re looking for is connected to the internet, then it’s likely that Shodan will locate it. At this point, anyone who’s done even just a little bit of research can log-in to the unsecured device with minimal effort. And if they put in more effort into it, even those with minimal security settings can be compromised.
- IoT devices are known to be excellent malware hosts. Given the very limited security features applied on most IoT devices, malware can easily infiltrate these systems and cause further attacks in similar devices connected within the same network. IoT devices are also known to be instrumental in launching DDoS attacks which require a large number of devices that run simple bots to attack their target.
Even if you think or are made to think that your IoT device is secure (which most likely is not), there’s still another important risk you are exposed to through your device – privacy violations. A lot of IoT devices are known to collect massive amounts of data for their manufacturers or developers on the notion that this data is only utilized to enhance the device’s functionality. However, we cannot discount the fact that there may be a few companies out there who won’t be able to resist the price they can trade for detailed user data.
How to Secure your IoT Device/s
- Read the manual and update your passwords frequently. Let’s admit it, not all of us have the will and determination to read through the friendly manual (RTFM) upon unboxing our devices. This holds true for setting up different passwords for each of our devices. And while the deed is small, the difference it makes cannot be undervalued, so it’s important for all users not to skip it.
- Check if there is a need for you to access your device remotely. By realizing why you need to use a device’s feature, you can balance out your usage and not favour convenience too much over necessity. It can be hard to gauge how much of an impact IoT devices offer us, but realizing that it’s completely fine to be without a WiFi-less oven is a sure-fire way to keep yourself one step safer from hacker attacks.
- Set up an off-line Wi-Fi LAN. If your devices can operate on a local area network (LAN), and if you have an extra router to spare, you can create your own offline Wi-Fi LAN that can be a great method to keep your devices secure. Many people don’t know that a router can operate even without connecting to the internet. By setting up a local network which your devices along with the computer or laptop you want to manage it with, you can allow device functionalities within your local network without them being exposed to online threats.
- Always keep your devices updated. Not all device manufacturers are as devoted to the security of their IoT devices as they should be, but if an update is offered, it would be a mistake not to take it. Updates may offer critical bug fixes and address other security vulnerabilities as there can be a lot of these with most IoT devices.
- Get a VPN service. Check if your router at home can support a reliable VPN which offers encryption for this set-up. Having a VPN integrated in your LAN will enable it to send outbound data while blocking incoming ones. This means that your devices can send you data, but no incoming communication with them would be possible. While this set-up will be quite inconvenient if you want to control your devices remotely, with a VPN’s encryption, hackers will be blocked as well.