IoT attacks increase

 Article for:Everyone 

	Difficulty: Easy 

	Importance: Very 

Recently a researcher found severe security flaws in the firmware used by many IoT companies. A couple companies make the underlying firmware that is purchased and used by many manufacturers. If someone sells bad concrete, the buildings made from that concrete will be weak. In the same way, selling bad firmware means the products made using that firmware will be flawed. About 2 million devices, 140,000 in the USA are vulnerable to being taken over. This means that security cameras could allow potential criminals to watch inside your home, surely reducing your security.

In 2018 SonicWall detected 32.7 million IoT attacks, up from 10.3 million in 2017. These include both direct attacks on home and business networks to compromise banking and other information and also to create botnets to attack companies and send out spam. Most of these Botnets originate in the United States.

If you can, avoid IoT devices. Live without them. If you don't need them, don't use them. If you need them (or just really want them), try to follow as many of the 8 basic IoT security rules below.

Rules for IoT devices

Keep your IoT device behind your router's guest network. If you have a separate firewall, so much the better. That includes not only security cameras and thermostats, but entertainment devices, like TVs and Rokus.
Change the default credentials. Make the passphrase long and hard. At least 15 characters, mixed types of characters, never before printed, so not on the Internet. If you can't change the default credentials, return the product and get a different one. I wrote an article here on how to create good passwords that you can type into a device.
Update the firmware. Only buy devices whose vendors update their firmware. People write the code for these, so there will be security flaws. Only buy products that get firmware patches.
Change any other weak defaults the device might have. Turn off unneeded features.
Do your security updates first, before playing. Someone could hack you in less than two minutes. Immediately upon purchase, change your password, close unneeded features, and update your firmware.
Check your Internet connection with Gibson Research's Shields up page. See if your router has exploitable holes.
Avoid IoT devices that rely on Peer-to-Peer (P2P). These are especially hard to secure.
Pay More. Often the reason devices are cheap is that the manufacturer doesn't put money into security, and security updates.

Here is the Justice department's recommendation:

If you purchase an IoT device, do your research to ensure that the manufacturer takes cybersecurity seriously. For instance, if the device uses a password, make sure the IoT device allows you to change its password. (Some devices come with default passwords that cannot be changed.) Also, consider whether you are confident that the manufacturer will deliver timely security updates. Your device manufacturer should keep your device up to date with the latest security patches.

To keep cyber criminals out of your home, business, car, or anywhere else you may use an IoT device, it is important to make security features part of the considerations you weigh when buying an IoT device.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		IoT attacks increase Article for:Everyone Difficulty: Easy Importance: Very Recently a researcher found severe security flaws in the firmware used by many IoT companies. A couple companies make the underlying firmware that is purchased and used by many manufacturers. If someone sells bad concrete, the buildings made from that concrete will be weak. In the same way, selling bad firmware means the products made using that firmware will be flawed. About 2 million devices, 140,000 in the USA are vulnerable to being taken over. This means that security cameras could allow potential criminals to watch inside your home, surely reducing your security. In 2018 SonicWall detected 32.7 million IoT attacks, up from 10.3 million in 2017. These include both direct attacks on home and business networks to compromise banking and other information and also to create botnets to attack companies and send out spam. Most of these Botnets originate in the United States. If you can, avoid IoT devices. Live without them. If you don't need them, don't use them. If you need them (or just really want them), try to follow as many of the 8 basic IoT security rules below. Rules for IoT devices Keep your IoT device behind your router's guest network. If you have a separate firewall, so much the better. That includes not only security cameras and thermostats, but entertainment devices, like TVs and Rokus. Change the default credentials. Make the passphrase long and hard. At least 15 characters, mixed types of characters, never before printed, so not on the Internet. If you can't change the default credentials, return the product and get a different one. I wrote an article here on how to create good passwords that you can type into a device. Update the firmware. Only buy devices whose vendors update their firmware. People write the code for these, so there will be security flaws. Only buy products that get firmware patches. Change any other weak defaults the device might have. Turn off unneeded features. Do your security updates first, before playing. Someone could hack you in less than two minutes. Immediately upon purchase, change your password, close unneeded features, and update your firmware. Check your Internet connection with Gibson Research's Shields up page. See if your router has exploitable holes. Avoid IoT devices that rely on Peer-to-Peer (P2P). These are especially hard to secure. Pay More. Often the reason devices are cheap is that the manufacturer doesn't put money into security, and security updates. Here is the Justice department's recommendation: If you purchase an IoT device, do your research to ensure that the manufacturer takes cybersecurity seriously. For instance, if the device uses a password, make sure the IoT device allows you to change its password. (Some devices come with default passwords that cannot be changed.) Also, consider whether you are confident that the manufacturer will deliver timely security updates. Your device manufacturer should keep your device up to date with the latest security patches. To keep cyber criminals out of your home, business, car, or anywhere else you may use an IoT device, it is important to make security features part of the considerations you weigh when buying an IoT device. Further reading Bleeping Computer Article Krebs On Security Article Krebs On Security P2P Article Justice Department PDF Paper Date: June 2019 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk

Keeping clients' computers safe and profitable for over 30 years

IoT attacks increase

Rules for IoT devices

Further reading