What constitutes an IoT smart device and why does keeping them secure matter?
Tech publication ‘Make Us Of’ defines an IoT smart device as “a device that connects to an app, the internet, a local network, or another device using a wireless connection. The wireless connection can vary, with some of the most common protocols you'll encounter being Wi-Fi, NFC, and Bluetooth connections.” Examples of smart devices include smartphones, smart thermostats, smart locks, smart security systems, smart smoke alarms, and smart doorbell cameras. Popular name-brand smart devices include the Google Nest Cam, Amazon Echo, and the Oura Smart Ring.
Statista estimates there are 11.3 billion IoT connected devices worldwide and predicts that number will grow to 29.4 by 2030. While these devices can give users insights into all facets of life - such as one’s blood pressure or heart rate; a child sleeping; security around the perimeter of their home; and the energy usage of home appliances - they pose risks if not properly secured.
Over the past few years, there have been high-profile instances of smart-device-related vulnerabilities. Hackers were able to access the live feeds of a popular internet-connected camera and harass its users. A world-renowned hospital was informed its implantable cardiac devices had security weaknesses that could be compromised by hackers. Using a credential-stuffing tactic, in 2016 the Mirai botnet took advantage of insecure IoT devices and commandered them to launch a wave of subsequent cyberattacks.
Staying protected doesn’t need to involve fancy security bells and whistles. Hands-down, the most important step users can take is to immediately change their IoT device default usernames and passwords in favor of something strong and unique. Users should avoid using simple passwords such as ‘password’ or ‘qwerty’, as they are easy for people to guess. Repeating passwords is a bad idea, as it will enable hackers to infiltrate multiple devices.
Users who possess multiple devices would be wise to utilize a password manager so they can manage multiple passwords in a way that isn’t overwhelming. Password managers allow users to generate unique and strong passwords with random characters or passphrases that are difficult to crack. With these randomly generated passwords, individuals can avoid password reuse since a password manager creates a convenient and secure way to store them all. Password managers that enable users to access their passwords from any device, in any location and without restrictions, are the most ideal.
Users should also enable two or multi-factor authentication (2FA/MFA) for an extra layer of protection. Essentially, this requires users to take a second step beyond entering in their username and password in order to verify their identity. According to the IEEE Computer Society:
This verification "can come in the form of a one-time pin (OTP) or a verification code sent to your phone or email address that confirms that the person logging in is indeed you. Most smart devices have the multi-factor authentication feature by default, but there are some devices that don’t. In that case, you can enable 2FA by using third-party apps such as Google Authenticator.”
Lastly, keeping software and firmware updated is important, since doing so keeps users protected with patches. Updating all devices ensures they possess the latest software to combat rapidly-changing threats.