According to Gartner, by 2020 there will be 20.8 billon devices connected to the Internet. To provide a bit of context, the U.S. population is 318 million, and the worldwide population is 7.5 billon, which means there will be roughly 3 devices per every 1 person on Earth. These devices include everything from smartphones to home automation tools to cars, and everything in between – all connected to the internet and accessible.
Historically, one of the biggest threats to security has been ease of use and conveyance for the end-user, which has never been more true than it is right now in relation to deploying consumer devices connected to the Internet of Things (IoT). Consumers devices make up the single largest segment of IoT devices and because of that, plug and play, ease of use, zero configuration devices are in high demand and manufactures are listening. Ease of deployment has, unfortunately, resulted in in a huge lack of proactive security measures including patching vulnerabilities within firmware or operating systems which renders most devices connected to the IoT exploitable.
Alarmingly, it isn’t very difficult to find IoT devices that are connected and available for access. Utilizing search engines like Shodan you can quickly create search for IoT devices such as web cameras, routers, firewalls, and smart TV’s, and determine their locations. Many of these devices are using default user names and passwords which can also be easily discovered with a quick internet search.
Due to this lack of security and ease of identifying vulnerabilities, exploits and locations, individuals are at risk of being targeted which, surprisingly, doesn’t seem to be a huge concern among consumers. A recent survey of 2,000 households found that 66% of consumers are more concerned with the price of their devices rather than the privacy and security features they may offer. As more of these devices are being deployed in households the risk of a security/data breach increases.
Protecting your IoT devices not only protects your privacy but protects the privacy and security of the entire Internet community. Compromised devices can become infected with malware and become part of a large army of botnets used to attack other users or services on the Internet. A recent attack on the infrastructure of the internet cause an large scale outage that lasted hours. Users and manufactures have a responsibility to secure and protect the devices that are attached to the internet.
Until manufactures build higher levels of security into these devices, there are some easy measures that can be taken to secure your IoT environment:
• Evaluate whether your device has to be connected to the Internet. Just because it can doesn’t mean it’s necessary 100% of the time.
• Change the default user name and passwords that your device came equipped with. If this is not possible, do not deploy the device.
• Create a separate network for these devices. Putting your IoT devices on a separate network from your computes and files will allow your IoT devices access to the internet, but not the primary network that stores your private information.
• Disable universal plug and play (UPnP). This protocol makes it easy to deploy devices, however it’s also a large security risk as these devices could be discovered beyond your local network.
• Make sure you can update the firmware. If this is not possible do not deploy the device. Updating firmware is critical and should be done regularly as updates fix vulnerabilities within the software (firmware) that controls the device.