IoT Security
Is your Fridge a Cyber threat
Chuck's Cyber Wall
This past weekend reminded me just how easy it is to lose track of IoT Security. Last week, I talked my wife into letting me get a fancy new WiFi router. Compared to my old router, it has better speed, a longer range, more bandwidth, improved security, and the ability to conveniently manage all our devices. After setting it up, I easily connected everything and blew my wife away with the WiFi 6E speeds.
While cataloging devices, I found everything I expected—and then something unexpected. The refrigerator we bought two years ago appeared on the list of devices. But I disabled the wireless after we got it as we did not need the feature at the time. Fortunately, I’d changed the admin credentials before turning off the wireless, but how did it get turned back on?
It turns out that an automated app update on my smartphone was responsible, leaving my home network vulnerable to attack.
WAIT, IS MY FRIDGE A CYBER THREAT?
No, I’m not implying that SkyNet will transform your refrigerator into a killing machine. This is about cybersecurity holes in the Internet of Things (IoT).
These days, finding appliances that don’t connect to the internet can be a challenge, let alone all the things we buy specifically for that purpose. Technological advancement allows us to answer doorbells remotely, track our steps, and even have coffee made for us when we wake up or arrive at work. It’s like having a virtual assistant.
A virtual assistant who learns a lot about us and lives on our network. But what do we know about it?
To answer that question, we need a better understanding of the IoT.
INTERNET OF THINGS (IOT) HISTORY
Computer and technology companies have long been trying to find a way to incorporate virtual assistants into our daily lives. Just ten years ago, as Siri’s popularity began to bloom, an AI virtual assistant still seemed more science-fiction than reality. After all, Google had been processing voice-based searches for some time, adding voice search to the Blackberry Pearl all the way back in 2008.
Perhaps spoiled by the concept of Rosie, Hal, and Jarvis having so many capabilities, these services were not particularly satisfying to use for most people. But as smartphone capabilities grew, a demand for more services followed. Now, estimates indicate that more than 128 million people in the US use voice assistants and smart speakers, with that trend expected to grow exponentially in the US and worldwide.
WHY IS THIS IMPORTANT?
Automated devices need an exciting interface to draw in consumers. That same science-fiction voice-based concept that spoiled us ten years ago is now one of the driving components. How strong is that drive? There are more than 400 million devices that support Google Assistant.
Those connected devices, and a growing number like them, make up the IoT.
HOME AND BUSINESS
Smart speakers are popular at home, interacting with security systems, smart thermostats, appliances, and entertainment systems. As much as the voice component continues driving this, access through our smartphones continues to push their popularity forward. And not just at home. Many businesses have incorporated smart thermostats to better control heating and cooling costs. Being able to set and easily adjust light timers improve security and helps to control electric costs.
A handful of smart devices can help small business owners to manage costs that could be the difference that makes them profitable or gives them the ability to expand.
We love smart technology for its convenience, and many pay for themselves over time. Let’s look back at that smart fridge. Aside from alerting you if the door is left open or you are running low on ice, it can detect items stored in it, keep track of expiration dates, and even monitor usage. Instead of wondering if you’re out of milk at the grocery store, you can just check with the fridge. It can even provide lists of items no longer in it to help you with your shopping list.
This is the level of convenience we want from our virtual assistants at home and work, which is why my wife and I are now starting to use our smart fridge!
IoT SECURITY
You have to ask yourself why tech companies are driven to provide us with virtual assistants. Sure, they want to sell us more connected devices, but they also get to learn more about buying behaviors, interests, and habits. That information is arguably more valuable to them than purchasing the device itself. It is a constant stream of marketing information to design better products and make more appealing advertisements.
As privacy laws continue to address this, much of the data is de-identified, meaning it doesn’t include specific identifiers such as name, email address, location data, or internal identification numbers. But other information, including general demographics, is combined with this data stream to produce valuable data analytics.
The benefit to all of us is that companies can make more relevant products with features we want and offer overall better customer services and experiences.
The downside is that smart devices require more from our networks and represent a potential security threat. While legitimate companies are compelled to follow the rules and de-identify data, hackers are under no such obligation – they make money by stealing personal data.
IoT SECURITY THREATS
We estimate that there are around 25 billion connected devices globally, with that number doubling by 2030. When it comes to the Internet of Things, security experts have a ton of concerns, including:
- A lack of data encryption
- Weak, easily guessable, or unchanged admin passwords
- Few mechanisms for security updates and reminders
- Insecure network interfaces and applications
- No central device management options
- Insufficient Privacy Protections
- Susceptibility to Botnet attacks
- Data transfer and storage security concerns
- Record all the information about the devices, including MAC address, IP address, serial number, and location.
- Change the admin password immediately, and use a Strong Password on the device and any associated accounts.
Anytime a new device is introduced into a home or business, it should be controlled and configured with security in mind. Inventory them like a new computer or mobile device, so you know exactly what devices you have in your environment. Physically secure each device when possible. That means mounting them appropriately, keeping them away from areas they can be tampered with directly, and making a habit of checking them for tampering. Also, all the information the device gathers should be mapped, including areas covered by cameras or sensors and all credentials.
AWARENESS IS THE BEST DEFENSE
With a bit of forethought and awareness, there’s no reason we can’t enjoy the benefits of the Internet of Things without having to worry about cybersecurity problems with the fridge.
At Clark Computer Services, we have the cybersecurity expertise you need, whether its help with compliance, securing your network, getting security software onto your computers, and more. Contact us at 301-456-6931 or [email protected] to see how we can help you and your business get Cyber Secure!
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com