A very important branch of technological advancement is based on comfort, from it was born the idea of smart homes and of all the devices that would make our lives easier by performing tasks for us. From this source the virtual assistants like Google Home or Amazon Alexa. Thanks to them we can ask their star devices for simple things, such as the time or the weather, even other types of work such as turning on lights, putting on music, announcing a message on all the speakers around our house, opening or closing blinds, adjust the temperature of the heating of our house or connect devices such as the well-known automatic vacuum cleaners.
All this and many more things from a practically unlimited list, it can be scheduled for a specific time, or when we give a personalized order to our assistants. With this, actions are achieved such as that at a certain time the lights of a room are turned on, music is put on and they say good morning along with the list of tasks that we have planned for that day.
Growth of IoT devices and cybercriminals
This trend does not stop growing, more and more of these devices are sold every day, which we install following the instructions, but without realizing that, like any device that we want to connect to the network, it is susceptible to being attacked by those people who normally do not have good intentions, cybercriminals.
There have been cases that have been quickly viralized, for example, those dolls that have recorded personal information as well as children’s conversations with their parents, kitchen robots that stored their owners’ data, as well as the case revealed by researchers from a well-known North American company in the field of cybersecurity in which they infected a Phillips smart bulb and from there they managed to access a computer on the same local network and steal its information.
What to keep in mind when buying an IoT device?
Each IoT device depends on communication protocols used by the manufacturer that created them, which adheres directly to the cybersecurity policy that it has. Most of the devices we have on the market are “maintenance-free” devices, that is, we pay for the device and we do not make any more expenses related to it. This may be a mistake, as These are devices that do not receive regular updates against new threats and they are only intended to deal with the threats that existed at the time of their design.
In reality, there are very few devices that carry a maintenance on them which is subject in most cases to a subscription which we must pay monthly to be protected against the attacks of new vulnerabilities that arise for this type of device, as is the case with Nuki’s automatic locks. This manufacturer focuses its efforts on keeping its devices up to date with any new attack, since they protect a fundamental point of our homes, the front door.
This brings us to the fundamental point for the protection of our home, the final user configuration on the router. This configuration, by default, is carried out by our network operator, which follows its own parameters that are not focused on this type of technology.
How to reinforce security on our devices
Each IoT device has its own application, this application will need us to log in with a user and a password, which we can change, but most users leave the information that comes by default, which is one of the first and largest mistakes we make when configuring an IoT device, we will always change the username and password for these types of applications defining one that, at least, cannot be deciphered by some behavioral engineering attack (a mother’s birthday, date of birth of a child or the name of a pet).
We must also pay attention to the place from where we make the connection, today, we can act on all the devices of our smart home both from within the home connected to the Wi-Fi network, and outside it connected by 3G / 4G / 5G. We can and must restrict access to these devices from outside, or at least hire a Cloud service that verifies access from outside in a secure way.
We must also review privacy settings on IoT devices, These permissions are configured by default and are really open to collect all kinds of information, but above all, commercial information so we recommend restricting it.
And finally, and I think more important than the rest, we must create an extra Wi-Fi network only for IoT devices in which we will not connect any equipment with essential information such as computers, smartphones or tablets. We will create a new Wi-Fi network and assign it a WPA2-PSK encryption. We will also disable the WPS function for greater security.
By following these tips we will avoid any unnecessary scare, and we will have all our data safe from malicious attacks by third parties, we can make our life much easier and more comfortable inside our home thanks to the world that IoT devices offer us, but we cannot forget of security in no time so that safety and comfort can coexist under the same smart roof.