Should Brits really be fearful of IoT?

Go to the profile of Cesare Garlati
Oct 12, 2017
0
0
Upvote 0 Comment

The latest developments in smart home technology has created a revolution. There are devices built for home security, home entertainment and home utilities which all have the same end goal: to assist and improve the human functionality. Unfortunately, this dream of having the home of tomorrow today has led to IoT device purchases spiralling through the roof, with manufacturers and developers riding this wave, supplying the masses to meet the demand. However, this has led to some dire consequences with security within IoT devices practically non-existent. “IoT security is broken” is the phrase coined by those within the industry which is far from being an exaggeration and has left consumers fearing for their safety.  

A study by MoneySuperMarket wanted to uncover the general perception towards IoT technology in the smart home from the British public. The findings were not overly positive. The survey revealed that British citizens were far from ready to embrace IoT with 76% worried about the risks associated with the technology. In fact, just over half (51%) were fearful that their homes would become a target for hackers. With hacked devices, robots and appliances all making the headlines, this fear of IoT is more than justified and should trigger a reaction from manufacturers that security is a huge worry for consumers. Security needs to be implemented at the development stage and many have called for a change in approach, yet this may take some considerable time and so it’s left to consumers to fend for themselves. Thankfully, there are several security checks and tips individuals can follow to help secure their home for IoT:

 

 Update the software of the home gateway device at least once per quarter.  As soon as vulnerabilities are publicised, hackers will be almost instantly try to take advantage of them. If you’ve purchased your own router, you are responsible for making sure the software is up to date.  For those who subscribe as part of a service, the provider will push these updates to you. 

Make sure the admin console on your home router is password protected. Many people will have a password protecting access to their wi-fi networks, but this is a separate password for the admin console.  Make sure it is a strong password and not the same as any other used for your other devices.  Never give anyone else access to your router.

Ensure you use the WPA2 protocol and protect it with a meaningful, strong password. This is extremely important for those using legacy devices as older protocols such as WEP which were found to be insecure.

Activate Media Access Control (MAC) filtering. You can set up your devices on your router using this unique identifier so that rogue devices will not be able to connect.  Your router will then tell you what is connected to it and you can restrict access to any unknown devices.

Turn off wi-fi protected set-up (WPS). After initial set up of the gateway, WPS is no longer required nor it is robust or reliable.

 

Practice security by separation and take advantage of the “guest network” feature on modern routers.  The guest network on modern routers will allow lower trust users to access wi-fi, for example, but not have the same level of privileges.  It is secured by a separate password and isolates devices connected to it from the main unit. 

Don’t bother hiding your SSID.  The Service Set Identifier for your wi-fi router isn’t a great method of security anyway, so hiding it doesn’t help. If you do hide it, all that will happen is that your end points will have to work harder and therefore consume more power.

 

Securing your privacy should not be ignore as negligence towards IoT security in the home will be punished. The strongest advice would be to secure the home router. Failure to do so is comparable to leaving your front door unlocked. This is your first line of defence against attackers. You are exposing not only your private information but yourself and your family.

 

The prpl Foundation Smart Home Security report details the fundamentals for IoT security from which consumers can use to reduce the risk of being attacked. If you are purchasing IoT devices then you must understand the risks associated. To do this, we as consumers, need to start taking more responsibility for the security in our connected homes and understand how exposed we really are with such devices. By taking control of the security in our smart homes, we can help reduce the risk of personal data theft, fraud or worse.

 

 

 

 

Go to the profile of Cesare Garlati

Cesare Garlati

Chief Security Strategist, prpl Foundation

Cesare Garlati is an internationally renowned expert in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation – a technology nonprofit dedicated to enabling security and interoperability of embedded systems. Prior to Trend Micro, Mr. Garlati held leadership positions within leading mobility companies such as iPass, Smith Micro Software and WaveMarket. Prior to this, he was an engineering manager at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite. Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many events, including Embedded World, Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications, CSA Congress and many editions of the RSA Conference. Cesare holds a Master in Business Administration from U.C. Berkeley, a BS in Electrical Engineering and Computer Sciences, professional certifications from Microsoft, Cisco and Sun, and he is a Fellow of the Cloud Security Alliance.

No comments yet.