What do modern cars, refrigerators, pacemakers and baby monitors have in common? When they’re web-enabled, they’re collectors of personal data. Welcome to the internet of things (IoT for short). Consumers may love the convenience of web-enabled household products, but experts say IoT security hasn’t kept pace. That puts the data stored inside these devices at risk.
What is the ‘Internet of Things’?
“Internet of things” refers to everyday objects or appliances that can connect to the internet through wireless technology. If you wear a fitness tracker that counts steps or control your home’s temperature from an app on your phone, you’re already familiar with IoT. Web-enabled refrigerators, washing machines, lamps—even microchips embedded in livestock and pets—are all examples of IoT technology.
The widening use of Wi-Fi and dropping costs of digital sensor technology are pushing the trend. There will be more than 20 billion IoT devices in circulation by 2020, according to Gartner Inc., a technology research company.The challenge for consumers and manufacturers is IoT security.
Can IoT be hacked?
Yes. In fact, some of the biggest (and most expensive) security breaches occurred because a hacker exploited a security flaw in an IoT device.
Hackers know that web-enabled devices are a potential goldmine of personal data just waiting to be stolen. A skilled hacker can break into your home or business network by exploiting the security weaknesses present in your thermostat, TV or digital assistant. Think it sounds too creepily futuristic to be true? Think again: Web-enabled baby monitors, medical devices and smart refrigerators are just a few of the everyday items known to be vulnerable to security breaches.
Cybersecurity experts predict that the gap between the number of IoT devices in circulation and the security required to protect their owners will only widen. And once a product is out the door and in a new home, there’s little incentive for the manufacturer to release security patches.
“Security pros talk about this all the time,” said David Iacoponi, the founder of DAI Consulting and a 27-year cybersecurity and information technology veteran. “Not a lot of companies have the incentive to back-test a $30 baby camera.”
Internet of Things security: How to protect yourself
Chances are, your home network’s security capabilities aren’t as strong as the one employed by your bank or credit card company. But a few steps can help protect yourself from these device hacks:
- Change the default password on your IoT device. “It’s hard to believe, but some manufacturers issued the same password to everyone who bought their device,” Iacoponi said. “Change the default password to one that is as complicated as the one you got. Better devices usually have nice and secure setups.”
- Always install updates and security settings, and replace outdated tech. As tempting as it is to ignore those pesky emails and notifications, if the manufacturer reaches out, install the update. Oftentimes, those updates will include security patches that boost or fix protections. If you don’t get any notices, check the manufacturer’s website every few months—especially if your device contains sensitive personal information. “Hackers look for machines that aren’t patched up to date,” Iacoponi said.
- Read product descriptions and reviews carefully. Do your homework. Avoid buying web-enabled products that won’t let you change the default password, and learn what data the device will collect and store. Although plug-and-play capability offers fast and easy setup, stronger security is safer in the long run.
- Use your antivirus software, and make sure it checks for spyware. Don’t forget to run security software every couple of months, even if you believe it’s “always-on” technology. A full scan can detect malware placed on your machine or network by an enterprising hacker, and eliminate it from your system. Remember, hackers don’t want to mess with your thermostat setting or turn your lights on in the middle of the night; they’re “listening” to your system for interesting information, such as your bank account login and password, Iacoponi said.
The bottom line
In addition to following these best practices, don’t underestimate the power of common sense. That includes monitoring financial and email accounts for suspicious activity, diving deeper on who may be sending mysterious emails, or using reverse phone number services to track strange calls. Make thoughtful choices about where, when and how to connect to the web—especially if you’re using public Wi-Fi.