The internet is everywhere, thanks to the Internet of Things (IoT). The term “Internet of Things” applies to any nonstandard computing device that connects to wifi and can transmit data. Well-known examples of IoT devices include smart speakers like Amazon Alexa or Google Home, smartwatches like the Apple Watch, internet-connected baby monitors, video doorbells, and even toys.
However, the convenience these devices offer comes with a price: insufficient security measures, vulnerabilities, and the risk that your data will be compromised. But don’t be alarmed if there’s already an IoT device in your home – we have some tips on how to best use them safely.
IoT devices can be inherently insecure due to their easy setup and lax security measures. These devices are usually designed to be used right out of the box with minimal setup, so users often aren’t prompted to set up their own password for the device. In some cases, devices of the same make/model may come equipped with the same default password. This means that if you buy the same device as your neighbor, their device could have the same password, making both devices easy targets for cybercriminals!
Password security for IoT devices is all too important, as demonstrated by the CloudPets breach in 2017. CloudPets, internet-connected stuffed animals that allowed children and their loved ones to exchange voice recordings were the toy of the future, until they exposed 2 million of those recordings as well as the personal information of over half a million users. While this breach was ultimately caused by insecure storage of the recordings, the company’s lax password requirements could have made CloudPets an easy target for cybercriminals either way.
Voice-activated devices like smart speakers have an additional set of security concerns. These devices can’t distinguish between voices, so anyone with access to the device can make purchases or take other actions. This vulnerability has been harmlessly exploited by Burger King advertisements, an episode of South Park, and a roommate innocently ordering Cadbury eggs, but it highlights an issue that could easily be taken advantage of. Consider also that voice-activated devices are usually always listening – “it’s like willingly bugging your own home and hoping no one tunes in.” This feature can usually be deactivated, but that, of course, makes the device less useful.
You don’t have to know a ton about tech to safely use IoT devices. Here are a few easy best practices for IoT safety:
Make sure your router and device have secure, unique passwords. Changing the password that the device comes with should be your first step! As mentioned above, if you and your neighbor purchase the same device, it’s likely they’ll both have the same password, so you can reduce your chance of attack by changing it to a unique password.
Keep the device updated. Updates often include security patches, so it’s critical to install updates as soon as they are available. You may be able to set your device to update automatically. Additionally, be aware of devices that are phased out and no longer receive updates. With how often technology goes out of style, this may happen more quickly than you realize!
Use a debit or credit card specifically for that device. A Visa gift card or similar reloadable card is a great idea because it isn’t tied to your bank account, minimizing the damage that could be done if the card is compromised.
Don’t connect it to sensitive email accounts. Connecting the device to your work email account, or a personal account that has sensitive information could allow cybercriminals access to things you don’t want them knowing about.
If you’re extra tech-savvy, you can take your IoT security up a notch by following these steps.
Turn off Universal Plug and Play. This feature allows networked devices to automatically discover and communicate with each other – however, it can also expose your device to nosy cybercriminals.
Connect the device to its own wifi network. This way, if the device is breached, it doesn’t allow malicious access to any other internet connected device.
Use restriction options in your router/firewall to grant the device minimal access. This ensures that the device only communicates with the devices you’ve allowed it access to.
For an audio guide to all things IoT, check out Decoding Security 103: Internet of Things. Still considering purchasing a smart device? Consider this IoT security checklist before you make a decision. You can also follow the SiteLock blog for more resources on cybersecurity!