Tuesday, June 2, 2020

5 Common Internet of Things (IoT) Security Issues and Fixes

Internet of Things (IoT) devices might secure you against street crime but they don’t do a great job guarding you against privacy invasions. This article explains some of those privacy concerns and how to fix them.

Let’s start by looking at the ways that IoT devices can breach your privacy, and how to avoid them.

1. IoT Home Hub Devices Record Everything

Some devices, such as Google Home and the Amazon Echo, constantly listen to their surroundings. This ensures they hear you when you say their “hotword”, or activation word, which initiates audio recording.

Of course, something that’s always listening to you poses a privacy risk in itself. There has been a lot of speculation about whether these devices are always sending recorded information home, even if the user has not activated it via its hotword.

Even if this speculation isn’t based in truth, it is a fact that home hub operators receive private voice logs after the device mistakenly heard their hotword. The BBC reported that Apple and Google have stopped its employees from playing back recordings from home hubs. This was after third-party contractors discovered they were listening to intimate moments that were accidentally recorded.

How to Fix IoT Devices Always Listening to You

While popular smart home hubs have check boxes you can tick to tell them not to monitor your voice, who knows what’s going on in the background? Imagine if a stranger was sitting in on all of your discussions, and you simply made them promise not to tell anyone what it hears. Would you trust that stranger with your private information?

As such, the best way to fix this IoT security issue is to never allow it to occur. Don’t purchase smart devices that have a 24/7 listening capability (if possible). Always-listening devices are identifiable if they’re marketed as offering voice-activation, as they need constant monitoring to listen out for commands.

2. They Can Be Hacked From the Outside

A big draw for IoT devices is their ability to receive commands from the internet. This allows users to control smart home devices from any location in the world.

This feature isn’t perfect, though. While remote smart home control allows location-independent control and monitoring of your home, it also opens the door for hackers to do the same. Hacking is one of the scariest IoT privacy concerns, as people all around the world can gain access to your home uninvited.

It sounds like something out of science fiction, but it’s, unfortunately, a reality. Trend Micro claims their software blocked 5 million hacking attempts on IoT cameras, 75 percent of which were brute force attacks.

How to Fix IoT Problems With Remote Hacking

To fix this problem, you need to set up a proper remote system that can keep hackers out.  Given that hackers are mostly using brute force techniques to break in, your system needs to be strong enough to resist a barrage of attempts.

Secure your account with a strong password, and use a two-factor authentication device if it’s supported. These will both stop a hacker from getting easy access to your home.

3. Devices Don’t Use Encryption

This is a giant red flag for anyone who cares about their privacy. Zscaler reported that from the 56 million transactions that passed through their cloud from IoT sources, 90% of them were sent as plain text. This means no effort was made to encrypt them whatsoever; anyone could analyze the packets and extract its data.

How to Fix IoT’s Lack of Encryption

Only use IoT devices that properly encrypt their data. Hopefully, the product will state its encryption type on the box or advertising. If it doesn’t, it’s a good idea to play it safe and not purchase it.

At the very least, you could get it and take care of what data you send; never use it for anything you wouldn’t want someone else to see.

Another option is to use a VPN’s encryption scheme on your network, like OpenVPN. Some routers allow for the user to configure a virtual private network, or VPN, on it. A VPN installed on a router allows the user to encrypt and route all their traffic through a third-party server. That would prevent any third-party snoops from inspecting whatever data is transferred between you and the end point.

4. IoT Devices Aren’t Properly Updated

Devices that undergo pressure from hacking attempts should be properly equipped with the ability to receive patches. If an exploit is found in a device, the news can spread quickly amongst the internet, which puts every owner of that device at risk.

A security patch is the best way to combat these flaws as they appear over time. However, the world of IoT has some severe patching issues. Devices may have very barebones support after release or have no means of being patched whatsoever.

A device may have the foundations for security patches, but in the quick world of IoT, the company behind it may go out of business, leaving the device stranded without updates.

How to Fix It

Unfortunately, there’s no way you can actively patch your IoT devices. Fortunately, you can take measures into your own hands by choosing companies with a good reputation or look for open source IoT devices

Putting your faith in a start-up may mean their lack of experience will cause slower updates; that is if they don’t go out of business. Larger businesses will have more experience, faster patch response times, and are far less likely to fold.

5. Devices Use Default Factory Passwords

A default password is a hacker’s favorite way of cracking devices. Some companies will give each device an individual password to prevent this flaw, but others will set the same password for all the devices they create.

If the users of these devices don’t bother changing the password, hackers can learn of the factory default login information and test it on all the devices they can find. They’re bound to find a few that still has the out-of-the-box credentials, which gives them unprecedented access over the device.

The default password problem is so bad, WeLiveSecurity reported on how California has banned any device that shipped with a default password.

How to Fix It

If any devices you purchase have a default password, change it right away. Keeping the old password is leaving the door open for any potential hackers that know the credentials for your particular device.

Improving Your IoT Security

IoT is currently full of security holes, which makes it hard to trust them with your privacy. By taking some proper precautions, you can enjoy IoT devices without handing over your details to hackers.

One highly effective method for improving IoT security is using a virtual private network (VPN) with either a router or a Pi-Hole. VPNs can disguise the location of where your IoT traffic originates. However, it requires that the user install a Pi-Hole (which is a Raspberry Pi that routes traffic through a VPN) or install a VPN on their router.

Read the full article: 5 Common Internet of Things (IoT) Security Issues and Fixes



from MakeUseOf https://ift.tt/2zMs8CT

No comments:

Post a Comment