Tags: smart device | internet of things | iot | cybersecurity

Smart Devices: To Connect or Not Connect This Holiday Season?

Smart Devices: To Connect or Not Connect This Holiday Season?

A Nest thermostat is being adjusted in a home on January 16, 2014, in Provo, Utah. Google bought Nest, a home automation company, for $3.2 billion taking Google further into the home ecosystem. (George Frey/Getty Images)

By
Friday, 09 December 2016 04:41 PM Current | Bio | Archive

More than 5.5 million (and exponentially growing) Internet of Things devices are sold and connected to the internet every day. Some will be gifts this holiday season, and some are simply part of our daily lives, but if you believe they are secure, please read on.

The hackability of the “networked” car was one of the first creepy security stories to emerge from IoT’s push for Jetson-like consumer convenience. The stories were legion, one of the most publicized being the Jeep hack, where ethical hackers, demonstrating what was possible at the Black Hat security conference, stopped a car in the middle of a highway. They were also able to disable the car’s brakes at low speeds. And, those were just two of the many highlights of their presentation.

There has been no shortage of publicized experiments showing just how easy it is to hack these devices, and whether it’s a toaster or a webcam, the takeaway here is that the culprit is not a “400-pound guy sitting on a bed,” or rather, if it is, he’s binge watching Mr. Robot and not furiously typing code to worm his way into your life. The hacks that take over IoT devices are scripts that automatically find and colonize their targets.

The distributed denial of service (DDoS) attack on Dyn last month was the tip of an iceberg that could have titanic consequences for all of us. A script herded together more than a hundred thousand IoT devices — mostly webcams and routers — enabling the perpetrators of that hack to slow, or stop, traffic on the East coast to huge sites, including Twitter, PayPal, Amazon, Playstation, Verizon, and CNN to name a few, by overwhelming them with fake (junk) traffic.

While there was no ransom attached to the Dyn DDoS attack, the day will come when something huge is held hostage. Mirai, the IoT-enslaving script that made possible the recent DDoS attacks and that security expert Brian Krebs calls “a crime machine” was closely associated with a hacker named Anna_Senpai. That name has already been used in ransom attempts.

It Effects National Security

The firepower that these attacks have mustered is extremely disturbing. It is only a matter of time before something much bigger (think critical infrastructure sector) “gets got,” and a serious national discussion about how to keep that from happening is way past due.

So, what could be bigger than Twitter?

You don’t need me to tell you. The U.S. Office of Personnel Management has been hacked, the FBI has been hacked, the White House has been hacked. Mega-banks have been hacked. Target and Yahoo have been hacked. Municipal Transportation Authorities of major cities have been hacked. Nothing is safe or sacred, as Anonymous demonstrated when they hacked the Vatican.

Changing Your Password Isn’t Enough

The common refrain now is that we should all avoid the default user name and password combinations that come from the manufacturers with many IoT devices.

Were this only a solution, but it is not. The idea is that changing a user name to something unique and setting a long and strong password will prevent the conscription of IoT devices into zombie armies that are being assembled by scripts like the Mirai crime machine.

There is ample evidence that many scripts are exploiting administrator “back doors” that are not password protected, so that even if you replace their password with your longer and stronger password there’s still a way in. And thus the question becomes, “What now?”

The simplest answer is that is it isn’t as simple as we would assume or we would like. We need to be more careful. Here is a checklist of questions we should be asking ourselves and further precautions we can take to better secure the countless magical (and not so magical) digital devices that surround us:

1.) Does that particular device need to be connected to the Internet? Clearly routers and webcams need to be, but the latter doesn’t need to be connected when not in use. It’s important to weigh an unused convenience against a known liability. If you don’t need to have something connected, don’t connect it.

2.) Change all default settings. While it is true that your device can be hacked by other means, this does not give users license to be sloppy. Your goal here is to shed vulnerabilities and constantly strive to decrease your attackable surface.

3.) Make sure the firmware is up to date. If you are going to connect a device to the internet, do not ignore the requests it makes to update the firmware it runs on, this is crucial to the device’s security.

4.) Universal Plug and Play, or UPnP, is a set of networking protocols that enables devices on the same network to find each other. Unfortunately, it also allows malicious scripts to hack your devices so that a printer does double duty — moonlighting in a botnet or DDoS attack. Turn it off.

5.) Cloud services are not all created equally. Do your homework and make sure that the service you’re using is contracting with a reputable cloud provider.

6.) Set up a separate WiFi guest account for IoT devices, one that is not shared by other devices that need to be networked, like your computer, smartphone, printers, etc.

7.) Use your head. The more time you spend actually considering the various ways in which you are exposed to hackers, hopefully the more careful you’ll be about how you conduct yourself in the networked world we all inhabit.

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on security, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Levin is chairman and founder of IDT911 (IDentity Theft 911) and co-founder of Credit.com. Levin is the author of Amazon Best Seller "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves." Read more of his reports — Go Here Now.

© 2019 Newsmax. All rights reserved.

   
1Like our page
2Share
AdamLevin
More than 5.5 million (and exponentially growing) Internet of Things devices are sold and connected to the internet every day. Some will be gifts this holiday season, and some are simply part of our daily lives, but if you believe they are secure, please read on.
smart device, internet of things, iot, cybersecurity
1008
2016-41-09
Friday, 09 December 2016 04:41 PM
Newsmax Media, Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved