Taking IoT Home for the Holidays

By Thomas Sager | December 07 2018

The holidays are a time of family, friends, and finding the perfect gift; but, beware the perfect gift might come with a few unwanted extras. When you’re shopping for your holiday presents, it’s worth considering the security concerns that come with internet-of-things (IoT) or “smart” devices.

Things to consider before purchasing an IoT device:

  • Does the device have a camera, microphone, or location capabilities?
    • Any device with these capabilities can expose private personal information and securing these devices should be a priority.
  • What company makes the device?
    • Not all vendors are the same. If the company is unfamiliar, it’s worth searching to see if they’ve been caught selling insecure devices already.
  • Does the device or manufacturer have an easily found privacy statement?
    • A device with documented privacy or security policies can be a sign the company takes security seriously. Look for any information on data encryption and whether you can contact the company to have your data deleted.

Now, of course, just because there are risks with “smart” devices does not always mean the gift is not the right one. So, here are some tips on securing these devices, so they are safe and secure.

Ways to secure your IoT devices:

  • Change the device name and password.
    • The default name identifies the type of device and the default admin password gives attackers the easiest way in.  Both should be changed before the device is connected to the internet.  Attackers are always scanning the internet for devices with default passwords, potentially compromising yours within seconds of connection.
  • Secure the account.
    • If the device requires an account, the device can be accessed by anyone with the account.  If possible, enable multi-factor authentication, which can be as simple as receiving a text whenever you attempt to log in.
  • Secure the settings and disable unused features.
    • Dig through the settings of the account and the device, disabling any features you don’t use and changing the settings to what makes the most sense for you.  Remember the default settings are often what’s best for the company, not necessarily what’s best for the user.
  • Keep things up to date.
    • Check for updates immediately and always install updates as soon as possible.  If auto-updating is possible, use it. If not, find out how it is updated. Do they push it out to you or do you have to go to their website to download it?
  • Keep things separate.
    • Set up two Wi-Fi networks at home, one for the normal devices and a guest network for IoT devices and visitors. This doesn’t require additional hardware, as most routers have a guest network feature that’s easy to set up.

Using these tips and tricks will ensure everyone can safely enjoy their gifts without inviting a vulnerable device to the holiday festivities.

Recent Posts