When it comes to cybersecurity in the smart home, “People don’t even know what they don’t know,” writes techrepublic.com’s Karen Roby. “They have no idea what should be important when they’re buying these devices that they’re putting all over their houses.”
Connecting all of these snazzy new devices opens up homes to serious vulnerabilities. A number of attacks have made headlines that sound like something out of a horror movie, from hackers using refrigerators and TVs to send spam or infiltrating baby monitors to talk to children. Many of these hacks don’t target the devices themselves, but rather use Internet of Things (IoT) devices to gain entry into the larger network.
That said, there is much that installers and consumers can do to ensure home data security in the IoT age.
Cybersecurity problems with IoT
Security measures have not always kept up with the capabilities of IoT devices. Manufacturers often don’t make security a priority in the design stage, as built-in security can add R&D time and cost. It can also cause the device not to function as desired. As a result, many devices do not contain the computer resources necessary to implement strong security. Instead they come with hardcoded or default passwords that hackers can easily breach.
Advanced security features are seldom implemented. A sensor that monitors humidity or temperature cannot handle advanced encryption or other security measures.
And many IoT devices are “set it and forget it”— placed in the field or on a machine and left until the end of its life without ever receiving security updates or patches. Other systems include support for security updates for a set timeframe that is less than the lifetime of the device.
Meanwhile, older devices that were not originally designed for IoT connectivity likely have not been updated to have security against modern threats. The ease and potential of attack is greatly increased through the use of these legacy assets, which are costly to replace with updated tech.
IoT security also lacks a single agreed-upon industry-accepted framework. Different companies and organizations may have their own specific standards. Certain segments, such as industrial IoT, have proprietary standards that may be incompatible from industry leaders. The disparity between standards can make it difficult for different systems to work together.
What can be done about IoT security
There are a number of measures installers can take to increase the security of their customers’ connected homes. These include using a router with a firewall and setting up Wi-Fi protected access (WPA2) encryption protocol.
Segmenting IoT devices that need to connect directly to the internet into their own networks can help defend against attacks. These network segments are more easily monitored for anomalous activity.
Security gateways act as an intermediary between IoT devices and the network. The gateways have more processing power, memory and capabilities than the IoT devices themselves. They can provide the devices the ability to implement features such as firewalls to ensure hackers cannot access the IoT devices they connect.
Installers can also warn consumers of the dangers of IoT systems and suggest steps they can take to stay secure, such as updating default credentials and applying software updates to security weaknesses. Providing means of updating devices and software is critical. End-users can also use a password manager to create hard-to-crack passwords, as well use two-factor authentication.
Your clients can also update default credentials, apply software updates, and reject devices that don’t meet high security standards. And, end-of-life strategies should be considered as well. One bright spot on the horizon is optical networking. As this comes to play an increasingly significant role in infrastructures and systems, machine to machine (M2M) communication will become more reliable and more secure. The signal is difficult to intercept, and a fiber optic network allows faster response to attacks.
As more homes become connected and IoT devices proliferate, cybersecurity will be a greater concern. It’s a problem that can best be solved by manufacturers, installers, and consumers working together.