The ease and convenience of connected devices have unfortunately created a minefield of security issues. When it comes to keeping data safe, most of our clients know the best practices. But these days, we have to think beyond the keyboard to all of the new devices in our homes and businesses.
An unsecured network is like a big gaping hole in your roof or leaving your front door wide open 24/7. Things can walk or crawl in and do a lot of harm without you knowing it until it’s too late.
Smart Doesn’t Mean Secure
Any smart, or internet connected device you have can be used to hack into your world.
They are called smart devices because they are able to connect to the internet through Wi-Fi or Bluetooth. These devices are also known as being in a category called the Internet of Things (IoT), because they aren’t just computers.
The list of things that can compromise your security grows every day because new “smart” devices are introduced all the time. You may not have realized it but there are things in your home that could be leaving you vulnerable to hacking. Those include things like security cameras, smart TVs, toasters, doorbells, cubes, dots, speakers, thermostats or even your refrigerator…
In the Wrong Hands, a Smart Device Can Be Dangerous
These devices can do harm to your physical and electrical network, physical infrastructure, and the strength of their security.
At the hands of a malicious attacker:
- Thermostats can be adjusted to full blast heat.
- Electronic locks controlled by an IoT doorbell or another device can be programmed to unlock the door for anyone.
A very scary vulnerability was discovered in St. Jude heart devices. Since they connect to the internet, they could be hacked into causing batteries to be drained, devices turned off, or programmed to send shocks at the wrong time. Those types of hacks could have potentially lethal effects.
Why They Are So Easy to Hack
IoT devices are notorious in the Information technology industry because they are extremely insecure devices.
Some of the key reasons for this include:
- No Firmware updates – Many IoT devices don’t receive firmware updates, which are vital for patching security flaws and keeping the device secure.
- No Customization Options – Many don’t allow you to change the default username and password.
- Default Remote Support – Many have a remote support option that is on by default. This is like a wide-open backdoor and welcome mat for attackers.
Once a hacker gains access to your network they can wreak havoc, steal information, or whatever other nefarious deeds they wish to carry out. One of the most infamous occurred in October 2016.
Where Were You the Day the Internet Almost Broke?
On October 12, 2016, a widespread attack was carried out using IoT devices. Those Internet-connected devices became part of a botnet army, driving malicious traffic toward a given target.
The name of the source code for one of those infected devices is Mirai, so it was named the Mirai Botnet Attack.
And it all started with a college student’s scheme to make money through the game Minecraft.
Paras Jha, an undergraduate at Rutgers University, had been exploring how distributed denial-of-service or DDoS attacks could be used for profit. He launched a series of minor attacks against the Rutgers systems, timed to disrupt important events like registration and midterms. Then tried to convince the university to hire him to mitigate those attacks.
He was also a big Minecraft player, and in the Minecraft economy, you can make money hosting Minecraft game servers — which leads to running skirmishes in which hosts launch DDoS attacks against their rivals, hoping to knock their servers offline and attract their business.
No Longer a Game
The Mirai Botnet Attack on October 12, 2016, went beyond Minecraft. This massive DDoS attack left much of the east coast of the U.S. without internet access.
It targeted Dyn, a networking infrastructure site that provides managed DNS (Domain Name System) services to many well-known sites such as Twitter, Reddit, Spotify, The New York Times, among others. The attack caused Dyn to crash, which took their clients’ accounts down too. Authorities initially feared the attack was the work of a hostile nation.
This event would highlight the insecurities of IoT devices and would cause many people to reconsider their uses and implementation.
How to Protect Yourself
There are several things that can be done to improve the strength of your security around IoT devices and eliminate your worries about them.
- Ensure that any IoT device you are using is configurable and the settings can be changed. If the defaults can’t be changed, everyone who has used one of those devices has the keys to it.
- When connecting an IoT device to a Wi-Fi network, ensure it is connected to a guest network, or on an isolated network. There is no reason your toaster should be connected to the same network as your server.
- Change the default username and password. Use this to make a strong password.
- Disable remote connections. If the remote connection is not disabled, you are opening the door for an attacker.
- Keep your devices up to date on firmware! When there is a software update available, install it.
- Ensure you have other adequate network protections in place. Securing your TV’s internet connection won’t keep you safe if none of your other connected devices are secure.
The recommendations above are general. For peace of mind, you need to find the potential paths for hackers in your world. The best way to eliminate security vulnerability in your home or office is to have a Sawyer Solutions expert analyze the devices connected to your network. We’ll identify areas that you don’t realize are big opportunities for hackers and offer ways to secure them. Give us a call at (844) 448-7767 or Contact Us to find out more today.
Sources:
https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/
https://www.csoonline.com/article/3258748/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html
https://krebsonsecurity.com/tag/paras-jha/
No Fields Found.