Tag: smart home

Cyber Threats Right Here At Home

Share

Last updated 5-16-2019

Smart home

Smart devices make your home more comfortable . . .

A look back to January 2018 in The Costco Connection shows “some of the smart tech you may want to invest in over the coming months.” The image above suggests 10 different smart technologies – lighting, windows, temperature, door locks, etc.

Note that I said “Costco.” This wasn’t Wired or Popular Science, which you might expect to have articles about the very latest in high-tech gadgetry. No, we’re talking mainstream — in 2018!

Moving forward to 2019, a search for the list of the top smart devices you’d want to have “right here at home” included these members of the IoT (the Internet of Things). How many of them do you have?

  • Smart Speaker
  • Security Camera
  • Light Bulb
  • Smart Thermostat
  • Smart Smoke/Carbon Monoxide Detector
  • Smart Home Hub

While their powerful features open the door to cyber threats.

Consider if all the personal information described in the next few sentences were available to casual hackers, the government, or criminals?

  • Smart phones – Shoot 4k video so you can play it back on your TV; recognize your fingerprint as password; track your blood alcohol level; track where you’ve driven and find your car; diagnose why it’s not starting. (Is your phone synced to your home computer so all this info is transferring?)
  • Smart watches – Receive text, email and tweets from friends; capture your fitness info; give you directions or track your run via GPS; lock, unlock, and start your car.
  • Smart homes – Respond to voice or touch commands to adjust air and water temperature, lights, locks and cameras; “learn” family habits and schedules; report on current traffic conditions along your route to work; read and adjust solar panels; start the laundry. (Are all the devices interconnected?)
  • Smart TVs – Connect to social media platforms; follow voice and gesture commands; display photos and videos from your phone.

Even if you don’t understand exactly where the threats lie, or will lie, you can recognize the threat.

How do these vulnerabilities come about?

A recent Advisory reviewed home and business security systems – all of which were internet connected — and in doing that research I read many, many advertisements and reviews. Not one had anything to say about security. But when I dug into broader background on the Internet of Things, I got a whole load of warnings.

  • Like every other product, IoT products are hurried to market to beat the competition. (Think Apple.) They don’t have time to spend on developing sophisticated layers of security that interact with every other device’s layers of security.
  • Device manufacturers may be as interested in selling information about you and how you use the product as in selling the product in the first place. So, the price their device ridiculously low. And they conveniently overlook certain aspects of security. (Remember the TVs that were capturing info about their viewers’ choices? And the “Talking Barbies” that stored and transmitted what the children said to their dolls? And very recently, the scandal of Amazon’s Alexa picking up on conversations in one home and sending them to another?)
  • Many IoT products are complex, combining software, hardware and services often provided by more than one supplier. Not infrequently, one or more of the suppliers sells out or even goes out of business somewhere along the line. A broken link in the chain is a hacker’s opportunity.
  • And IoT users – that is, us consumers – are not following smart security practices!

So what can we do to protect ourselves from these cyber threats?

Seven recommendations for your personal IoT devices as of May 2019.

1-Enable security features on all smart devices.
Not sure if there ARE security features? If the device connects to your home network, there had better be usernames and passwords that you can change from the default! In fact, the instructions should remind you to make those changes. Remember that default usernames and password combinations are published online and thus easily available to hackers. (The book mentioned at the end of this article has a suggestion for memorable passwords that won’t be hackable!)

2-Use strong passwords.
Are your children using the devices? Don’t give them an easy password so they can operate the thing. A simple password makes it easier for every hacker to break into the device!

3-Check for and reconnect or remove dead devices.
Some IoT devices are treated by the family or employees as toys, and after a while they lose interest in them. These neglected devices are precisely the ones that may provide an opening for a hacker. Take a regular inventory and clean up your IoT.

4-Schedule battery replacement.
Many of these devices operate using battery power. Batteries die – and when they do, you could cause a security risk. (Door lock won’t open? Fire alarm won’t go off?) Check all devices regularly until you know just how long their batteries will last, and then build a schedule for ongoing maintenance – with dates and numbers and types of batteries required.

5-Update firmware (operating systems) and apps.
If you find the updates on your phone or computer to be a nuisance, imagine having an entire collection of devices with apps that need updating! But it’s through updates that holes are stopped up and vulnerabilities are fixed. Watch for updates and apply them. (Not sure exactly how you’ll be notified of updates? Find out, so you don’t miss out.)

6-Be sure updates and/or network communications are encrypted.
You don’t want strangers listening in on your baby monitor, measuring your blood pressure or noting the hours when the house is empty! If your smart device sends unencrypted info across your home network and the internet, you are vulnerable.

7-Are any ports left open?
Some devices – particularly hubs or routers – need open ports to allow connections to the internet. The more ports that are open, the more vulnerable you may be to hackers. By and large, your firewall software will allow or block connections based on the profile you’ve set up. If you haven’t set up firewall software, do it. (If you aren’t sure how to find out about the status of your ports, you can get additional software to check on them.)

A next step for non-tekkies.

If you’re interested in getting a lot more familiar with IoT and IoT Security, plan on either spending a lot more time online or spending some money on one or more of the books available via Amazon or other book stores. Most of these books seem to be directed to IT professionals and have professional prices.

But here’s a fantastic book written by an expert, for ordinary internet users, in a clever and captivating way. In fact, I just finished reading it myself and HAD to put it up here!

The Sherlock Holmes Handbook for the Digital Age: Elementary Cyber Security

As a writer myself, I appreciate a story — hard to manage, sometimes, when the topic is technology. Author Alan Pearce puts you right in Sherlock Holmes’ living room in telling this story of”cyber threats right here at home” to his friend Dr. Watson.

Sherlock Holmes goes into the IoT and then takes Watson on a journey into the dark web. If you read this book you won’t become an instant cyber-security expert, but you will be a lot more savvy – and a lot more wary!

Virginia
Your Emergency Plan Guide Team

P.S. This is the kind of information that everyone should be aware of. Please forward this Advisory to friends and family and share with your neighborhood group. If just a few people take a few actions they will be safer than they were before.