Security in the Days of The Internet of Things

Networking, connecting to the internet, wi-fi and home entertainment
User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Security in the Days of The Internet of Things

Post by BobH »

We have acquired a number of devices that connect to the Internet via wifi. Amazon's Echo is the most recent but we have a number of others. Because I've read of malware entering via these types of devices, I'm concerned.

First, I don't know how the attacks happen, or in other words what the vulnerable components of my home LAN are. Without understanding how the attacks infiltrate and operate, I don't know how to defend against them. For example, assuming these attacks come via the broadband connection to the Internet, wouldn't the hardware and firmware firewalls prevent attacks? Or, are the devices, being wifi connected, vulnerable to sniffing or other technology that might co-opt their connections to my LAN?

I would appreciate any information you can provide including links to net articles that might help.

:xgrin: :chocciebar: :thankyou:
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Security in the Days of The Internet of Things

Post by StuartR »

Firstly you need to understand that the S in IoT stands for Security.

Many of these devices require an internet connection in order to operate, even if all their activity is within your LAN they may go out to the Internet to check for and download firmware updates. As soon as something is communicating with the internet it is vulnerable, and unfortunately the level of security in most IoT devices is very low. There are people out there working very hard to find the vulnerabilities and then scan the entire internet for these vulnerable devices.

It won't be long now till your toaster and microwave oven are used to launch an attack on your fridge.
StuartR


User avatar
Jay Freedman
Microsoft MVP
Posts: 1313
Joined: 24 May 2013, 15:33
Location: Warminster, PA

Re: Security in the Days of The Internet of Things

Post by Jay Freedman »

StuartR wrote:It won't be long now till your toaster and microwave oven are used to launch an attack on your fridge.
Joking is fine, but the truth is that your toaster/microwave/fridge/Alexa may launch an attack on your router, and from there into your computer(s).

Not only is the security level in many IoT devices inherently low, but they don't generally demand that each user must change the default password or take other reasonable security precautions. In a world where the most common password is something like 1234, that's begging for the devices to be recruited into botnets.

The security steps you can apply yourself depend on what tools the IoT vendor has given you. At the least, read the instructions that come with each device to see how to set the password, and set a strong one. If you can, close any ports that aren't absolutely necessary.

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: Security in the Days of The Internet of Things

Post by StuartR »

I agree with that Jay, and in addition block all internet access to and from every device, unless it REALLY needs it
StuartR