Spyware in the IoT – the Biggest Privacy Threat This Year

Technology. It’s designed to make our homes more comfortable and workplaces more efficient.

But, every advancement towards realizing a 21st century quality of life comes with a wave of security threats, old and new. The consequences of which are not only born by companies who are the primary targets of cybercrime. Your home systems are more vulnerable than you think.

Simply defined, the internet of things (IoT) is a network of Internet-connected objects able to collect and exchange data. In today’s digital-driven world, IoT connects almost everything including homes, offices, and vehicles, allowing users the convenience of activating and operating nearly any device remotely.

Even with only a handful of networked devices connected, such as a thermostat, printer, and home entertainment system, you’re still providing a potential access point for cybercriminals to infiltrate your life. This is exactly what happened on October 12, 2016, when the Mirai botnet used an army of IoT devices — like security cameras, digital video recorders (DVRs) and routers — to execute a massive distributed denial of service (DDoS) attack which left much of the internet inaccessible. Cybercriminals were able to exploit the default password on thousands of these innocuous devices to carry out this nefarious attack.

Digital devices are often intended to deliver increased convenience by connecting our smartphones to various devices within our home or other locations. However, they can unknowingly provide attackers with access to financial and personal data that may be stored within these devices as well. When not secured properly on their own Wi-Fi channel, IoT devices can be more than an inconvenience, they can be seen as a critical security risk due to the poor security protocols like fixed default passwords.

Think your table lamps can’t expose you to danger? Think again.

The Main Threats to Your Mobile and Domestic Tranquility

As we dig more deeply into the IoT threatscape, it’s highly recommended that users’ consider the risks of utilizing public Wi-Fi connections, which suffer from the same security issues. When users connect to a public Wi-Fi router, these connections are considered insecure because users don’t have to input a password to establish a connection. They are essentially sharing their connection in the same space as others. These public domains are easy pickings for cybercriminals who patrol popular public Wi-Fi locations in the hopes of intercepting and stealing sensitive data to use as they please. Although a public Wi-Fi connection may seem convenient as you work remotely or pay last-minute bills, these connections pose as much, if not more, of a privacy threat than your home Wi-Fi due to the insecure nature of these connections.

To help avoid these online risks, it is highly recommended to use a Virtual Private Network (VPN). VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network. A VPN provides a secure internet connection, ensuring your browsing data is encrypted for maximum privacy and security. As a best practice, install VPN software on your home router to secure your internet connection at home, and never connect to a public Wi-Fi connection without a VPN when you’re out and about.

Security threats to network-connected home and office systems are a relatively new phenomenon, as is IoT itself, though criminals quickly realized tried and true methods were the best way to gain access. The first wave of attacks began around 2016, just as IoT transitioned from the realms of science fiction to viable reality.

The first IoT casualties? Routers and IP cameras, which were infiltrated through weak access points due to password insufficiency. The IoT networks were probed for vulnerabilities, and those accessed were turned into botnets.

These cameras don’t even need to be installed in your home to invade your privacy. You can be sunning yourself by a poolside at your hotel, making copies at work, or having tea and scones at the local Starbucks, and unsecured cameras are broadcasting your every move to people who scour the internet for such things.

In the three years since those first IoT botnet attacks, threats to IoT security have increased to include crypto-jacking, denial of service (DDoS) attacks, and various other types of malware and online malfeasance. It’s up to each of us to do our part to safeguard our own privacy and data integrity by properly vetting these IoT devices before we purchase them.

What Can You Do to Protect Your Networked Devices?

Data security is a problem for anyone who has an online account, whether it be for health services, banking, or social media. The growing list of IoT network threats should put all of us on our guard. However, it shouldn’t cause us to be fearful. Knowledge is a powerful tool against cybercriminals.

Here are five things you can do to protect your IoT network. These can be used with any IoT network, whether it’s for business or home connectivity.

1. Monitor What’s Connected, and Whether it Should Be

There’s an old saying that goes “Just because you can, doesn’t mean you should.” Having an IoT-connected dryer or refrigerator may sound cool, but is it necessary? Evaluate which of your devices support IoT connectivity, and then decide which of them you really need to network.

If you have a router that allows you to create separate networks, consider doing so. This prevents the attackers from using IoT devices to communicate with other devices that store personal data on the same network, such as your home computer used to pay bills online. Then you can create a guest network for visitors or keep all questionable connections on a separate network from other devices. This is also the time to read up on how to install a high-speed VPN on a router as mentioned earlier.

2. Remember that Convenient and Easy Doesn’t Necessarily Mean Safe

Innovations like universal plug and play (UPnP) devices like your keyboard or mouse may make it easier for the average person to stay connected, but that level of simplicity also makes your devices more vulnerable to infiltration. Remember, if your devices can locate and connect to each other easily, so can attackers.

3. Learn about Password Optimization

One of the main points of entry for attackers is right through the front door via weak password protection. Many routers and devices are installed with a default password that’s easy to probe and penetrate. People tend to choose passwords that are easy to guess.

Use best practices like creating a separate password for every account and device, using two-factor authentication, and create strong passwords with a combination of upper-case and lower-case letters, numbers, and symbols. Keep them organized by writing them down and storing them in a safe place offline and offsite or use a password manager.

4. Keep a Divide Between Home and Office

The ability to work remotely is a convenience that comes with a downside that can leave your work or personal devices vulnerable and users should safeguard their connections by installing VPN software on their laptop to ensure proprietary data is always being encrypted. Many companies are re-thinking BYOD policies in recent years in order to protect their business networks. It’s better to keep a barrier between home and work, at least in cyberspace.

5. Update, Update, Update

Most manufacturers of IoT enabled devices update their firmware frequently. Make sure that all of your network-connected devices have the latest version. You should also install any security software updates and network security patches as soon as they’re available to patch any security vulnerabilities that can be exploited through outdated versions of IoT software.

The Bottom Line

There will be an estimated 30 billion IoT networked devices by 2020. Although October has been designated as the official National Cyber Security Awareness Month (NCSAM), that doesn’t mean you need to wait until next fall to become aware of the potential hazards.

The first step is knowing what the threats are (reading articles like this and subscribing to a cybersecurity news service is a good start) and how to prevent them. Then, you can put measures in place to ensure your online privacy and protect your systems more effectively