42 Internet of Things

Internet connected computers are no longer restricted to what we traditionally consider to be or contain a computer. Wherever you see the word SMART with a product, it generally means it contains a computer and needs internet access. They are now part of daily life for many people, with one major UK department store stocking over 450 SMART consumer products, ranging from TVs, speakers, fridges, washing machines to home security systems. These products together with all the internet connected devices owned by organisations, like video cameras and sensors, is collectively known as the Internet of Things or IoT.

The problem we face is that vast numbers of these internet connected devices have been hijacked by cyber criminals to carry out extortion attempts via denial-of-service attacks or to get a foothold into a network. As there is no interface or screen as such, we often have no way of knowing that a device is doing anything other than what it is meant to be doing, unless you are monitoring in detail the internet traffic going through it. This has come about because many of these devices were shipped with a standard username and password, like admin or 12345678, which in some cases was hardcoded and could never be changed. Being internet enabled, all the criminals need to do is attempt to contact the internet address of the device, which they have automated tools to do so. 

So, what can you do to protect yourself if you own any SMART or IoT devices? The first thing to do is to change any generic default passwords on your devices, to something only you will know. Next it is important to check the device operating system known as firmware is up to date. If the device does not let you change the password or update the firmware, return it while you still can, because it will be a security risk. Also, avoid adding payment information to any devices like a television set.

As many of these devices are designed to notify you via your own email service or social media accounts, enable multi-factor on services you use. If you can, it is a good idea to create new separate email accounts for any IoT devices and use ifttt.com to forward an alert to your main email account. Some SMART devices require monthly subscriptions, so keep an eye out for fake email alerts or payment requests.

By restricting yourself to known reputable brands, you can avoid a lot of the headaches because in order to cut costs security was never taken into consideration. The same applies to second-hand devices, as the newer versions are often cheaper and more secure.

Index or next chapter Malvertising

Please support this website