The “Internet of Things”, or commonly known by its acronym “IoT”, refers to any physical objects or devices which connect and interact with the Internet.
You may even own or probably know at least one person who owns an IoT device. Some examples of IoT devices include smartwatches and fitness trackers to monitor physical activity and sleep, smart refrigerators which warn you when groceries are low, thermostats which learn your family’s routines to adjust temperatures accordingly, smart locks you can adjust from your smartphone, and plenty of other new IoT devices being constantly developed.
Although the realm of the Internet of Things can be shiny, new and exciting, IoT devices still have their own security weaknesses (in fact quite a fair share of them too).
IoT devices are just as susceptible to attacks, like any of your current devices such as your laptops or smartphones. One Kaspersky Lab researcher had carried out security tests on the vulnerability of his home IoT devices, and to no surprise, all of them failed.
The problem is; most IoT devices come from manufacturers who are not exactly placing your security as top priority in these devices. Sure these “smart” devices were designed to ease the convenience of your household chores, but their weak security stems from manufacturers who did not secure the software/firmware, network, web interface or connection. And there is often very little the consumers are capable of doing once their rogue device is infected with malware or somehow exploited as a distributed-denial-of-service (DDoS) tool.
1) Firstly, undertake some research before straight-out buying any ol’ smart toaster you see. As IoT devices are rising in popularity, so do researchers and white hackers who are fighting the good fight for us in scouring Internet vulnerabilities. Read up on any known vulnerabilities of a device before purchasing one.
2) Although it may seem cool to be one of the first to own a connected car, or kick back in your own smart home completely equipped by the latest IoT equipment, it may not actually be the wisest idea to jump on the bandwagon of new products. Much like your OS updates, a new system would probably have its undiscovered bugs and kinks. The best advice would be to wait for the device to go through a couple rounds of security updates first.
3) Do you trust the company? Have you even heard of the company? As mentioned, manufacturers of your IoT device is so vital when you are essentially trusting their product to handle your load of data, which can get really personal considering the nature of these products which monitor your daily routines, health, activity, schedules and more. Even if a company boasts a big name which has been in business for a long time, if a product is entirely a new product-type for the company, you may face glitches and bugs since it is not in their field of expertise.
4) Do you have any control over the information your IoT device collects from you? If you have bought an IoT device for your home but have virtually no control over any settings to access, delete or restrict your own information, just be prepared that you are most likely sharing a whole load of your data to be collected, which is a risk you will be taking.
Personally, would you still purchase IoT devices for your own use? Or would you stay away from them as much as possible?