Welcome to the Internet of Everything! In case you haven’t heard of it before, IoT or the Internet of Things, is the addition of a wireless network connection to…well, anything and everything. These are also commonly called smart devices—smart lights, smart appliances, smart locks, and so on. Your smartphone is in a bit of a different category since it’s a fully functioning computer with capable security features. That is, as long as you’re using those security features. Don’t get me wrong, I like tech gadgets as much as the next nerd but there’s a point when you have to ask, “do I really need wi-fi connected light bulbs?” The more connected devices we have, the more vulnerable we can be.
There is a concept in security called the attack surface. This represents the total of potentially vulnerable/ compromisable devices that are attached to a network, wirelessly or wired. Regardless of actual security countermeasures in place, the more devices on the network, the greater the attack surface. If your security practices are up to par and all of your connected devices are trustworthy, maybe you don’t have anything to worry about. You really have to be aware of what you’re connecting and be sure that it’s safe to do so.
Case in point, in 2018 hackers discovered an unsecure fish tank thermostat which was connected to a wi-fi network…in a casino… My assumption is that it likely didn’t have a password or just used the default password. The hackers used this as an access point into the network—a tactic known as a pivot which is more commonly seen used against wireless cameras that people install at home. Once in the network, they discovered and copied the casino’s high-roller database, which they pulled right back out of the network through the thermostat.
Hackers stole a casino’s high-roller database through a thermometer in the lobby fish tank
If your argument is, “well, my smart hairbrush isn’t technically connected to my wi-fi, it’s just connected to the app on my smartphone.”, think about the fish tank story I just related. If your xyz device emits a signal, that signal can be monitored, captured, and analyzed. If that device is unsecure, it can be compromised and used to access your phone. If your phone is unsecure, it’s now a pivot point into your home wi-fi network.
In a time when our refrigerators, washers, and dryers can be connected to wi-fi, what should we do to stay safe? First things first, ask yourself, just because my new vacuum cleaner can connect to the Internet, do I really need to do that? Next, if you find yourself not able to live without a connected/smart speaker, do your homework on it. Is it produced by a reputable company? Companies that sell low end products aren’t going to invest in quality wireless security practices. In fact, some of them may be intentionally compromised. Next, look for security features in the device. Does it use passwords, encryption, etc.? Another important thing to find out is if the devices firmware can be updated. Not sure how to research any of this? Look for product comparisons by reputable reviewers like c|net, PCMag, or TechRadar. For example, “The best smart home devices of 2020”—what a coincidence! (cnet.com). Last but certainly not least, don’t forget, for the love of all that is holy, CHANGE THE DEFAULT PASSWORD!!!
Yes, smart toasters are really a thing too – https://www.idaptweb.com/smart-toaster/
And so are smart hairbrushes – 10 stupid IoT devices that we just didn’t need
If you want more and have time to kill – most ridiculous iot devices