The “Internet of Things”, or IoT, is the name given to the barrage of consumer devices recently released that connect to the internet. These include security cameras, baby monitors, DVRs, thermostats, light bulbs, refrigerators, and all kinds of devices that somehow we can’t live without anymore. We tend to think of them as devices with a computer attached. These devices can be a huge security problem, though, and it is more accurate to think of them as a computer with a device attached. These devices sit behind your home network’s defenses and interact with all of your other devices in what should be a safe area. They are designed as consumer devices, and there is just not much of a concern for their security. Most users never change their default passwords or update their programming, and many of these devices have backdoors that their owners have no control over. This makes them a rich target for hackers, who can take control of them and use them to attack other targets.
There are a number of steps you can take to protect your home network and limit your exposure to security risks. The first step is to secure your router, which I discussed in the last letter. That will secure your perimeter. Next you need to look at all of the devices that can punch holes through it.
You should take an inventory of all of the network-connected devices in your home. You will very likely be surprised at how many there are. They include all your computers, smart phones, tablets, and smart watches. Cable boxes, DVRs, and gaming consoles all connect, as do security systems and cameras. If you have Amazon’s Dash buttons or Echo, they go on the list. Smart thermostats, lighting systems, and networked speakers do as well. Most likely, you will need to include your printers. And there are a whole lot of new connected devices you probably don’t have yet: door locks, smoke detectors, washers and dryers. Pretty soon, everything will be connected.
The second step is to change the default passwords on each device and update its firmware. This may seem like a daunting task, but if you’ve started using a password manager (hint!) it will go a lot quicker. You can find directions on changing the passwords on the manufacturers’ websites. Updating firmware is only a little bit more tricky. Firmware is the built-in programming on a device, and will usually be updated periodically by the manufacturer. Unfortunately, the manufacturer usually leaves it to the consumer to check on available updates and install them. Consequently, it seldom happens. This is one of the most important steps you can take for securing these consumer devices, however, so set aside some time to do it!