Tag Archives: IoT

Danger (still) lurks in the Internet of Things (IoT)

CES 2016 has come and gone, and even though I didn’t attend (it’s been 15 years since I have), all of the media, both “mainstream” and “tech”, has gushed over all of the new appliances and devices that are now in the category of what we would call the Internet of Things.  Items like home security,  home lighting, and refrigerators, to name a few.

There are many advantages to having connected appliances and devices, but, as I’ve written before (here, and here), there are threats as well.  Threats that can and will be exploited if unsuspecting users don’t secure them.  Last week (1/13/2016), Dark Reading interviewed the CEO of Trend Micro, Eva Chen, and she described some very real concerns, including two “layers” of security that they offer:

The first layer of offering we do is a security API that will provide [a way] to easily do a virtual patch, to prevent a remote attack, for example . . . the third layer is cloud: IoT cannot do anything without the cloud.  Most data is sent to the cloud and you will need to have proper protection and make sure the cloud is always available.

In both situations, users are vulnerable, mostly due to their own apathy.  Users often either don’t know how to patch their own machines (and in this case, devices) or have glanced over how to do it and just don’t bother, or if automatic patching is available, they don’t enable it.  When it comes to cloud computing, most users just assume that if their data is “up there”, the provider will take care of security.

If you really want your refrigerator to automatically create a list of items for you to purchase (e.g., you’re running low on milk) and send that list to your smartphone (via Evernote or some other app), you’re going to have to be responsible for your own security.  If available on your IoT device, enable automatic download of patches and updating of your system.  Don’t configure your IoT device with the default password that it comes with, change it to a secure password (and if you don’t know if yours is secure enough, test it in The Password Meter).  Read the users manual to find out how to enable your device’s security yourself.

You want to see, via wireless home security cameras enabled through the cloud, what’s going on in your house?  Fine.  Just practice the necessary security practices to really keep your home and its data secure.

One thing you should do if you’re into the Internet of Things (IoT)

A July 7 article in Computerworld detailed The Internet of Things: Your Worst Nightmare.

Author Preston Gralla described the nightmare that would ensue when all of our home media devices, appliances, and even our electric (well, battery powered) toothbrushes are connected to a wireless access point (WAP) router.  Now I haven’t had the problem of having a WAP burn out (ever), but nonetheless, his article discusses what happens when each device has to be authenticated to the new wireless network.  After reading his article, I’m not sure that I want to be involved with IoT, but more and more of our electronics are.  It’s just a matter of time before most of our household devices are connected to the Internet.

So what’s the one thing you should do if your devices are part of IoT? You need to make sure that your WAP is secured with a nearly unbreakable password or passphrase.  Way too many users bring wireless routers into their home, connect their devices to it, and never enable the WPA2 security.  And even if they do, they usually just keep the default password (here I’m presuming it’s a simple password) or create their own simple password (“password”, “12345678”, etc.).  Full disclosure here – my ISP-provided WAP came with a default password, and I kept it.  But this password has SIXTEEN characters, randomly generated, and includes alphas and numbers.  So given that I determined it was unbreakable (well, www.thepasswordmeter.com did that for me), I kept it.  But I certainly would have changed it if it had been something simple, and if yours is, you should change it, too.

You just never know when your refrigerator is going to get hacked and start melting your ice cream!

Danger lurks in the “Internet of Things”

In How the Internet of Things Opens Your Home to Cyberthreats, the article begins by stating that “Frankemeat” isn’t the only thing you have to worry about in your refrigerator.  And in our ever-connected world, what sounds like science fiction may (or, perhaps has) become science fact.  Maybe you want your refrigerator to send a message to your Android phone that you’ve run out of milk, but there’s a danger in that.  And that is that the same refrigerator that allows you to key in a list of items to purchase at the grocery, and sends it to your smartphone, must have an IP address to do it.  And any device that has an IP address and is not secured can be susceptible to malware.  I’m not sure what a hacker would do with your refrigerator itself, but just think if you posted what you thought were seemingly confidential notes on your refrigerator’s “notepad.”  A hacker could gain access to that list.

The concept of the Internet of Things (IoT) is growing.  More and more seemingly unconnected machines are becoming connected.  You just have to have a new car that allows you to connect to Facebook (forget the safe driving, driving while distracted issues for a minute), or Pandora.  How do you think that car’s console is going to make that connection?  Your car has an IP address.  What if a hacker gets into your onboard computer, and just shuts down your car while you’re driving?  OK, so that’s somewhat unlikely.  But you had to sign into Facebook, even in your car, with your userid/password combination.  And now what happens if a hacker, and especially a criminal hacker, can access that information.  All of a sudden, information that you thought was secure has now been compromised.

So before you start connecting all of your “things” to the Internet, you had better think about how you’re going to secure them.  Or . . . alternately, don’t connect them in the first place.