Keep hackers out of your IoT with these simple precautions
The benefits a smart device brings to your life are undeniable, but so are the risks. Unless you take some minimum precautions, you may find that you’re not the only one controlling your device. And you may find yourself unwittingly causing damage online.
Smart home devices are computers designed for specific tasks. Just like a laptop or mobile phone, they can be hacked and used for nefarious purposes. Protecting the gadget and yourself from hacking starts with buying a product with a good measure of defenses.
Choosing a device from a manufacturer who is aware that their devices will need firmware updates in the future is a good start. It should have a mechanism that ensures you get security corrections automatically, without having to look for them and install them manually.
The UK’s National Cyber Security Centre (NCSC) warns that most smart devices are insecure when you power them on for the first time, as they all have an identical configuration from the manufacturer. Securing the default setup starts by changing the password, which needs to be unique, and contain as many and varied characters as supported.
Extra protection against illegal access comes by enabling two-factor authentication (2FA) for logging into the device’s account. If this option is available for the online account used to manage the smart device when you’re away from home, NCSC strongly advises turning it on.
2FA is a protection beyond the login password. Even if hackers manage to get their hands on your account username and password, 2FA asks for an extra authentication code with temporary validity available through a device you typically have on you (mobile phone, physical authentication token) or a service that only you can access (authenticator app, your email inbox, text message).
Installing all updates from the device vendor is also essential to keep the bad guys out. Hackers put little effort into developing new methods to compromise systems. Mostly, they will rely on users’ delaying the installation of the latest firmware versions.
Vulnerabilities abound in Internet-of-Things systems and most of them are easy to exploit. Installing all updates from the manufacturer is essential to keep the bad guys out. Hackers put little effort into developing new methods to compromise systems and are less incentivized to do it when exploits for IoT devices emerge frequently.
If automatic updates are not available, the NCSC advises to add them manually when you are prompted that a new firmware version is available. And make it a habit to ensure that the operating system is up to date.
When selling the device, it should be restored to factory defaults (factory reset). This action applies the original configuration and should remove all personal data you used to customize it.
Image credit: Maria_Albertofirmware IoT password secure IoT security smart device tips update