Give yourself an IoT security audit
APC’s editor explains what you can do to prevent your Internet of Things gear from being unwitting contributors to hack attacks.
To anyone who keeps even half an eye on tech news, the fact that poorly secured Internet of Things (IoT) devices have powered several major internet outages over the last year will be no surprise.
Recently, however, someone’s seemingly taken the problem into their own hands, waging a war on Internet of Things devices by destroying them. A new piece of malware that specifically targets IoT devices has been named BrickerBot and, as the name suggests, it’s modus operandi is to deliberately brick any unsecured IoT devices it can find by corrupting their internal storage.
So with the prospect of your IoT gear turning into expensive paperweights, now’s a good time to audit any devices you own. IoT gear can take many forms — basically, any product that connects to the internet that’s not your smartphone, tablet or PC falls under the banner, including: Networked security cameras Home-automation gear Smart lighting Wireless routers Wi-Fi extenders Networked media players
There’s a range of factors that can make IoT gear insecure, from having certain settings deep within their firmware turned on that shouldn’t be, to using the default logins for open-source software they use and more. So here’s what we recommend you do to secure devices — note that most of these will require you to log into a device’s web interface or via a dedicated app: Change the default administrator login and password credentials Regularly update your devices to the latest firmware — set a calendar reminder to do so every 3 months Alternatively, if a device supports it, set up automatic (unattended) firmware updates that don’t require any intervention on your behalf — that way, you don’t even need to think about it If you don’t use or access your devices while you’re away from home (or work), turn off remote access
It’s worth noting that bigger, name-brand vendors are often better at issuing security updates than smaller, lesser-known companies, so if you have no-name IoT gear, it may take some digging to find security updates. If you’re unsure whether a device is secure or not, we’d unplug it until you can confirm — it may seem innocuous, but one insecure IoT gadget could potentially be a backdoor into your entire network.