You’ve unwrapped all the gifts and taken down the Christmas tree. Now it’s time to start thinking about securing the smartwatch, digital thermostat and other Internet-connected devices that were left in your stocking.
Despite their small size, these devices are full-fledged computer systems that can be hacked as easily as a desktop or laptop, said Amit Serper, senior information security researcher at Cybereason.
Device security is often an afterthought as manufacturers rush to get products to market as soon as possible, especially in time for the Christmas shopping season, he said.
Additionally, embedded systems, which are more commonly known as smart gadgets or IoT devices, are often built with old and buggy open-source operating systems and software. Vendors rarely check the code to make sure it’s secure since this process can prove time consuming and impede product development.
1. Avoid exposing embedded/IoT devices directly to the Internet even if that’s their sole purpose. To isolate IoT devices, and essentially your entire internal network, from being accessible directly by anyone on the Web, install a VPN (virtual private network) server. Consider enlisting the help of a tech-savvy friend to complete this task.
2. Never expose your home router’s administration panel to the Internet. If you have to, use a VPN connection.
3. Don’t buy IoT products from unknown vendors. Some of these manufacturers have completely disregarded security measures. Keep in mind that even devices from brand-name manufacturers can have vulnerabilities. However, since these products are usually scrutinized by security researchers, there’s a better chance that their flaws will be discovered and fixed by the vendor.
4. Look for firmware upgrades. Many times, users aren’t aware of these updates and ignore them. Firmware upgrades are meant to add features to products and resolve security issues. Check the product page on the vendor’s website for information on firmware upgrades.
5. Educate yourself on security. Hackers count on consumers to make their job easy by partaking in risky and insecure online behavior. Don’t adopt the mentality that the basics of online security are too difficult to learn or think you’ll never be hacked. This mindset only helps the attackers and decreases consumer safety.
Although breaches are becoming larger and hackers are getting more brazen with their attacks, people shouldn’t become disheartened. The companies targeted by attackers have thousands of failure points. Consumers, on the other hand, are dealing with a much smaller and manageable attack surface, one they can greatly reduce if they invest time and energy in security.