5 Security Tips That Will Help You Protect Your IoT Devices
There’s a dark side to anything popular. Anything that grows eventually has to face a number of threats trying to bring it down or exploit it. It seems that the Internet of Things is becoming the next best thing in the cyber world, and that, as a rule, opens an entire can of Internet of Things vulnerabilities.
In this entry, we would like to draw your attention to the problems you might experience due to your IoT device. We will give you a short overview of the threats that Internet of Things faces, and then we will go through several tips that will help you protect your devices from malicious exploitation.
Table of Contents
What is Internet of Things?
Technically, Internet of Things is a group of devices that are connected to the Internet. While most of us usually think of computers and mobile phones when it comes to the Internet connection, the truth is that these days you can plug almost anything into the cyber world. It can be your surveillance camera, your heater, your watch, or your refrigerator.
We actually covered the topic of the Internet of Things in greater detail here, so if you want to find out more, don’t hesitate to check out our previous blog post. The point is that, if an IoT device is connected to the Internet, it means it has an IP address, and its presence is mapped. It leaves a trace in the cyber world. Anything that leaves a trace can be used. Anything that is connected to the Internet can be used AND misused, too. Therefore, we have to be aware of the Internet of things vulnerabilities to protect our IoT devices, our networks, and our personal data.
The security woes of Internet of things
Since the network of Internet of things is getting bigger, it is only natural that the number of cyber attacks against IoT devices is growing, too. According to the Kaspersky reports, the first half of 2019 saw more than 100 million attacks against smart IoT devices. Compared to the number reported for the first half of 2018, the attack instances rose almost nine times. It seems that the rise of attacks is proportionate to the growth of the IoT network, as the IoT markets are expected to double by 2021.
You probably wonder, why would anyone want to hack your smart fridge? Or what’s the use of exploiting your router? For the most part, hackers can exploit Internet of things vulnerabilities to create powerful botnets. These botnets can be later on monetized for Distributed Denial of Service (DDoS) attacks or used as proxies for a variety of other malicious actions. The most important thing here is that victims often are not aware of the fact that their IoT device has been compromised.
Does that mean that the attacks are highly sophisticated? Not really. The attacks are quite basic, but everything happens behind the user’s back, so the device can remain compromised for a while before anything is done about it.
There are three main malware families that are responsible for these attacks: Mirai, Nyadrop, and Gafgyt. Mirai and Nyadrop are the biggest groups of infections. Mirai uses old vulnerabilities in IoT devices to hack them, while Nyadrop and Gafgyt employ password brute-forcing to crack the device. Although there are multiple ways to help you protect your IoT devices, the most common infection vectors give us a good idea from where we can start.
How to protect IoT devices
1. Update your device regularly
Malware families like Mirai exploit vulnerabilities that are present in the old software versions. If you haven’t enabled automatic update feature on your IoT device, you should do it right now. Updates come with the latest security features and vulnerability patches that will help you avoid potential hacking attempts.
2. Use strong passwords
As mentioned, password brute-forcing is a common way to hack into the Internet of Things devices. However, strong and unique passwords make it harder to achieve that. If you don’t think you can create a strong password and change it regularly, you should employ Cyclonis Password Manager. This free tool can generate and store passwords for you, so you won’t have to memorize anything. And your IoT device will be protected from malicious attacks.
3. Be careful of public Wi-Fi networks
When we think about wearable IoT devices, we have to remember that they often have to connect to Wi-Fi networks to store your personal data. Needless to say, not all public Wi-Fi networks are safe enough for private data transfers. So, if you know that you will be in a place with a shared network, maybe it’s for the best to leave your wearable device at home. You don’t want your data hacked by a malevolent third-party that might be “listening” in on that network!
4. Cloud storage risk
Cloud storage technology is probably one of the best things out there, and it is also a good remedy against the threat of a ransomware infection. However, you should seriously consider whether you really want to connect EVERY SINGLE IoT device to a cloud. We have to remember that we need a connection between a device and the cloud service to access your data, so if your device gets compromised, the data that you keep on the cloud might become accessible, too. Weigh all pros and cons, when you choose the devices you want to connect to your cloud.
5. Turn off UPnP
UPnP stands for Universal Plug and Play. It’s a set of networking protocols that allows several devices connected to the same network recognize and connect to each other. This feature is good when you need that connection between your devices, but it would be better if the feature weren’t automatic. The problem is that with the UPnP turned on, any IoT device could be vulnerable to outside access. And we definitely want to avoid that.
All in all, if you go through all the IoT device features carefully, you will definitely see what you can do to improve the overall IoT security level. Don’t forget that you can always consult a professional if you feel at a loss.