IoT devices are more popular than ever. In fact, it’s estimated we’ll see around 25 billion of them by 2021. That’s great news since smart devices are just so convenient.
However, they also have a darker side not many people talk about – their lack of security.
Wait – Aren’t IoT Devices Safe to Use?
Well, to a certain extent, IoT devices are okay to use.
But a lot of them don’t really have built-in security, so it’s very easy for hackers to exploit them.
Here’s what I’m talking about:
- Many IoT devices lack system hardening.
- Way too many IoT devices use default and hardcoded passwords, which cybercriminals can easily crack.
- Some smart devices don’t have built-in automatic software updates, which makes them vulnerable to new threats.
Things are so bad that IoT device vulnerabilities have doubled since 2013.
What’s more, back in 2017, around 78% of enterprise IT decision-makers made it clear they were sure their organizations would experience data theft and loss within the next two years (so, by 2019).
So What Kinds Of Risks Are You Facing?
If you don’t take IoT security seriously, you’re pretty much giving hackers the power to abuse your smart devices. Here are just some examples of what might happen:
- A hacker could exploit your voice assistant by using voice theft, and trick it into giving him/her access to any data you shared with the assistant – including passwords and credit card info.
- Someone could hack any smart camera in your home, and use it to spy on you, add it to a network of remotely-controlled cameras, or just start insulting you.
- A cybercriminal could actually hack your smart home system and use it to scare you by playing loud music and raising the temperature to 90 degrees.
- Hackers could use phishing attacks to compromise your smart door, and make it open for them.
- Cybercriminals could take over your smart home’s system, and hold it hostage until you agree to pay them a huge ransom.
- Okay last example – a hacker could actually break into your smart coffee maker, and turn it into a ransomware tool, or use it as a gateway to spy on all the IoT devices in your home.
The examples can go on and on. Seeing as how many IoT devices can just be hacked in 30 minutes with a simple Google search, it’s clear cybercriminals have tons of options at their disposal.
How to Really Secure Your IoT Devices
Here’s what you can do to make IoT devices a lot safer:
1. Change the Default Username and Password
Did you know a hacker can actually find the username and password for your smart devices (and router) with just a Google search?
All they need to do is find the model of the device or router, Google it, and look for the PDF manual for it. The default username and password are usually there.
So make sure you reset them to something more complex – use a mix of numbers, symbols, and uppercase and lowercase letters to be sure. You can also use a password manager to keep track of all passwords.
2. Change the Default Router Name
Any router comes with a predefined name. It’s the one the manufacturer assigns, and it’s usually the router’s model.
It doesn’t take a rocket scientist to realize why you should change it. If a hacker sees the router’s name, they can easily find the model. With that info, they can find the default username and password like we mentioned above.
Also, to be extra safe, rename your WiFi network too. You don’t need random people or cybercriminals learning stuff about you from it.
Basically, don’t use a name like “My Home” or “[Your Name] Network.” Keep it vague like “[email protected]” or “Joe Mama.”
3. Use a VPN
A VPN is an online service that hides your IP address and encrypts your Internet traffic. While VPNs don’t normally work on IoT devices (they don’t have native support for them), you can set up a VPN on your router.
That way, any smart device that connects to the Internet through your router will use the VPN connection.
In that case, no cybercriminal would be able to monitor your Internet traffic to see how your IoT devices are communicating with the web and with each other. If they try to take a peek, they’ll see nothing but gibberish.
Oh, and you can also use a VPN on your mobile device when you’re not at home. Doing that means your traffic is no longer exposed when you use unsecured public WiFi to access your smart devices at home.
Also, hackers won’t see your real IP address anymore.
Why does that matter?
Because your IP address can give out sensitive info like:
- What country you are from.
- What city you live in.
- Who your ISP is.
- What your ZIP code is.
To find the right VPN for you, and the right VPN for Tomato or DD-WRT routers, be sure to check out the guides from ProPrivacy. They’re extremely helpful, and offer in-depth info in an easy-to-read format.
4. Set up a Guest Network
While not necessary, guest networks are a good way to protect your main WiFi network. The idea is to give anyone who comes over access to the guest network, not your own network.
Now I’m not saying your friends and family are looking to hack your smart devices, but it’s better to be safe than sorry. Plus, if they bring over someone you don’t know too well, a guest network will really feel like a godsend.
5. Use 2FA
You should always enable 2FA (Two-Factor Authentication) on your IoT devices since many of them have that feature. Basically, you’ll get a randomly-generated code you need to enter when you log in, which is a great extra layer of security.
If your smart device doesn’t support 2FA, the only thing I can recommend is getting one that does. It’s a security feature that’s a must nowadays.