More and more of our everyday interactions involve some type of IoT device, whether a security camera, doorbell, AC thermostat, vacuum robot, smart TV, Alexa or Google Home assistant device, etc. Many of these devices are not very secure, and their manufacturer support for updates is non-existent in some cases. Many do not even support secure communications, or only support weak encryption ciphers that are easily breakable.
Before acquiring any of these devices, it is important to stop and think about the company behind the device, the device’s security features, and whether firmware updates or support will be available for it, and for how long. This is especially true if the device will be handling any type of sensitive data, like security cameras installed in private areas, or health-related devices.
Other things to keep in mind, regardless of which device you end up purchasing:
Never connect them to your main Wi-Fi connection. Instead, connect them using a Guest Wi-Fi instance from your home router, making sure that the Wi-Fi connection is configured to provide isolation from other devices in the network. This will only allow that specific device to get out to the Internet and not reach any other device internally on your network or in the same Wi-Fi.
Change all default credentials when setting them up, in order to avoid being taken over by bad actors using these widely known or easily found credentials.
Enable encryption in the device settings, if available and if not already set by default.
Regularly check for firmware updates or enable automatic updates in the device settings to keep them running on the latest available firmware version. Keep any phone or computer apps required to manage these IoT devices up to date as well.
Reboot them regularly to clear their memory and keep them performing at their peak.
Keep tabs on all your IoT and other network devices to make sure you don’t have any rogue devices connected to your network and potentially using your Internet service for malicious purposes.
When the device is no longer in use or if it is too old, disconnect it and find a more up-to-date replacement.
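One way to keep tabs on connected devices, as an added example that is not part of the original article: compare the neighbor table of a Linux host on the same network (`ip neigh show`) against an inventory of devices you installed yourself. The inventory, addresses and sample output below are constructed for illustration.

```python
import re

# Constructed inventory: MAC address -> label for devices you set up yourself.
KNOWN_DEVICES = {
    "3c:5a:b4:10:22:01": "living-room camera",
    "3c:5a:b4:10:22:02": "thermostat",
    "a4:77:33:0f:9e:10": "smart TV",
}

# Constructed sample of `ip neigh show` output from a host on the IoT/guest network.
SAMPLE_NEIGH = """\
192.168.50.11 dev wlan0 lladdr 3C:5A:B4:10:22:01 REACHABLE
192.168.50.12 dev wlan0 lladdr 3c:5a:b4:10:22:02 STALE
192.168.50.20 dev wlan0 lladdr a4:77:33:0f:9e:10 DELAY
192.168.50.37 dev wlan0 lladdr 00:1e:c0:45:aa:9b REACHABLE
192.168.50.41 dev wlan0 lladdr de:ad:be:ef:00:01 STALE
192.168.50.99 dev wlan0  FAILED
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9A-Fa-f:]{17}) (?P<state>\S+)"
)

def is_randomized(mac):
    """True if the locally administered bit is set, as in randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unknown(neigh_output, known):
    """Return (ip, mac, note) for every neighbor whose MAC is not in the inventory."""
    known = {m.lower() for m in known}
    findings = []
    for line in neigh_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # FAILED/INCOMPLETE entries carry no MAC address; skip them
            continue
        mac = m["mac"].lower()  # normalize case before comparing
        if mac in known:
            continue
        note = "locally administered (randomized) MAC" if is_randomized(mac) else "unknown device"
        findings.append((m["ip"], mac, note))
    return findings

if __name__ == "__main__":
    for ip, mac, note in find_unknown(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(f"{ip:15} {mac}  {note}")
```

The neighbor table only lists devices the host has recently exchanged traffic with, so the router's own list of connected clients remains the more complete source when it is available.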
Following these tips can help you minimize the impact that these useful, but often insecure, devices can have on your network if they are taken over or infected by malicious actors.
By Walter Rey, Systems Administrator/Cybersecurity