OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


IoT attacks increase

Article for:Everyone
Difficulty: Easy
Importance: Very

Recently a researcher found severe security flaws in the firmware used by many IoT companies. A couple companies make the underlying firmware that is purchased and used by many manufacturers. If someone sells bad concrete, the buildings made from that concrete will be weak. In the same way, selling bad firmware means the products made using that firmware will be flawed. About 2 million devices, 140,000 in the USA are vulnerable to being taken over. This means that security cameras could allow potential criminals to watch inside your home, surely reducing your security.

In 2018 SonicWall detected 32.7 million IoT attacks, up from 10.3 million in 2017. These include both direct attacks on home and business networks to compromise banking and other information and also to create botnets to attack companies and send out spam. Most of these Botnets originate in the United States.

If you can, avoid IoT devices. Live without them. If you don't need them, don't use them. If you need them (or just really want them), try to follow as many of the 8 basic IoT security rules below.

Rules for IoT devices

  1. Keep your IoT device behind your router's guest network. If you have a separate firewall, so much the better. That includes not only security cameras and thermostats, but entertainment devices, like TVs and Rokus.
  2. Change the default credentials. Make the passphrase long and hard. At least 15 characters, mixed types of characters, never before printed, so not on the Internet. If you can't change the default credentials, return the product and get a different one. I wrote an article here on how to create good passwords that you can type into a device.
  3. Update the firmware. Only buy devices whose vendors update their firmware. People write the code for these, so there will be security flaws. Only buy products that get firmware patches.
  4. Change any other weak defaults the device might have. Turn off unneeded features.
  5. Do your security updates first, before playing. Someone could hack you in less than two minutes. Immediately upon purchase, change your password, close unneeded features, and update your firmware.
  6. Check your Internet connection with Gibson Research's Shields up page. See if your router has exploitable holes.
  7. Avoid IoT devices that rely on Peer-to-Peer (P2P). These are especially hard to secure.
  8. Pay More. Often the reason devices are cheap is that the manufacturer doesn't put money into security, and security updates.

Here is the Justice department's recommendation:

If you purchase an IoT device, do your research to ensure that the manufacturer takes cybersecurity seriously. For instance, if the device uses a password, make sure the IoT device allows you to change its password. (Some devices come with default passwords that cannot be changed.) Also, consider whether you are confident that the manufacturer will deliver timely security updates. Your device manufacturer should keep your device up to date with the latest security patches.

To keep cyber criminals out of your home, business, car, or anywhere else you may use an IoT device, it is important to make security features part of the considerations you weigh when buying an IoT device.

Further reading

Date: June 2019

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster