Technology Reports:

The ‘Internet of Things’ & our security – Should we be worried?

Internet Security – Basic Recommendations

We all know that maintaining the security of our complex gadgets (computers, Smart Phones etc.) has become more and more important as the information that is held on them becomes more valuable to the so-called ‘Cyber Criminals’.

In an earlier section of this article, we highlighted the enhanced risk presented by the addition of low cost / low security ‘Internet of Things’ (IoT) devices to a home network.

If you are concerned about the security of your home network (and we all should be), then here are some of the things to look for and some of the simple ‘common-sense’ precautions that you can take yourself (with apologies if any of the following are ‘stating the obvious’!).

-   Access Control (User Name / Password):

Never, never, never leave the ‘Username’ and ‘Password’ set to their defaults (often ‘Admin’ and ‘Password’) – change both, if you can, to difficult to guess versions. A password in particular should be at least 8 characters long (longer still is better) and incorporate both lower case and upper case letters (not in obvious places), numbers and ‘special characters’ (e.g. # { + ~). As these more complex passwords are pretty much impossible to remember, make sure to store them in a secure place (there are some good applications for doing this on PCs, Macs and Smartphones).

-   Internet Safety:

It should hopefully go without saying, but never click on any link / attachment in an email, unless you were expecting such an email from a specific contact. Email accounts / address books can be hacked, email addresses can easily be ‘spoofed’ (made to appear to come from a particular address when they aren’t) and emails from trusted sources (e.g. banks, government agencies) can be faked.

-  Internet Security:

Antivirus and Firewall software will only protect the device on which it is installed and is only useful if it is kept up-to-date. The most important Firewall in your network, therefore, is that on your router (as this forms a barrier in front of everything else on your network). Keep the router firmware up-to-date to ensure that you have the best possible protection. If not already disabled by default (as it often is), ensure that the ability to access the management pages of your router interface remotely is blocked.

- WiFi:

Make sure that you are using the most secure encryption standard on your WiFi network – this is currently the WPA2 standard. Although all WiFi encryption standards have been ‘hacked’, to do so for the older WEP standard (and interim WPA standard) is trivial, whereas hacking a WPA2 network requires  considerable time and effort. There are a number of recorded cases of hackers sitting outside an address  and breaking into a home WiFi network with lax security.

- Software Updates:

Check regularly for software and firmware (the software that runs our devices) updates – more sophisticated equipment and programmes tend to do this automatically, but you may have to search the manufacturer’s website yourself for more basic devices. Always apply these updates / patches as soon as you can – 9 times out of 10, most of the changes in these updates are associated with security!

- Email:

If possible, send / receive your emails using an encrypted protocol – check with your ISP or mail service provider for how to do this (typically using the ‘SSL’ protocol). This makes it very hard for 3rd parties to ‘eavesdrop’ on emails sent between your devices and your mail service provider’s server (which, after all, are travelling through the public internet).

- Manufacturer’s User Accounts:

When selecting IoT devices, look for those that require you to set up an account on the manufacturer’s website and for which any remote control ‘App’ does not require information on your own IP address (your unique address on the internet).

By routing everything through the manufacturer’s own servers you are placing an additional barrier between you and the ‘bad guys. It is also likely that a much higher level of security has been utilised here and that the security is as up-to-date as the manufacturer can make it.

For example, most of the Smart TVs on the market access all their available streaming services and the internet via the manufacturer’s own servers. Many IoT home heating devices also provide remote access via the manufacturer’s own website and communicate with their own custom ‘gateway’ device via a completely separate wireless network (i.e. not WiFi).

- Port Forwarding:

- For those of us using ‘port forwarding’ on our home router (opening specific ‘ports’ on the router to allow direct external access from the internet, through the router’s Firewall, to certain devices on the network), it is important to try to limit the number of open (forwarded) ports and where possible to use ‘non-standard’ port numbers. Hackers often use software that will scan all the ‘standard ports’ (80, 8080 etc.) for open connections and attempt attacks through any found to be open.

Back to Technology Reports

TechReport (UK)