Internet of Things devices increase in number and functions performed every month. An example of Internet of Things, or IoT, device could be a home thermostat or a lightbulb you can control from your smartphone, a refrigerator with a screen that can show you today’s weather, a home security camera, or a Smart TV. All of these devices must connect to a computer network (Wireless or WiFi network typically) in order to be remotely or wirelessly accessed or “smart”.
Why does it matter? Well, by connecting to a computer network, these devices are also usually connected to the Internet and since these devices are not as powerful as a full computer would be, they do not have antivirus software or firewalls built in to protect themselves and, if they do have password protection (many don’t), then the passwords often do not get changed by the owner (so they remain as “default” factory passwords which are well known) or the process for changing the password is itself very insecure.
What harm can this do? Any IoT or Smart device that has a video camera or web cam built in could be hijacked by a hacker and the camera used to view or record video in your home. Maybe it would just be embarrassing but this video could also be used to determine when you are at home and when you are not, thereby enabling a criminal to pick the best time to break into your home. IoT devices can also be used as launch pads for other cyber attacks such as the one that brought down portions of the Internet on the East coast of North America in 2016.
What can you do? Consumer products are finally emerging which directly address risks around home users of IoT or Smart devices in the form of Smart Firewalls. A firewall is a device that sits between you and the Internet and, if you purchased your own home Internet router box (for activating your home WiFi or wireless network) then you may have one built into your home router. The difference is that these enhanced firewall devices do more – they are simultaneously:
1) a router – they act as your WiFi network in your home,
2) a firewall – they protect your home WiFi from hackers on the Internet,
3) an antivirus system (in many of these but not all) – they protect anything that connects to your home network including Smart TV’s, computers, tablets, and even your friend’s or your kid’s friends who connect to your home network,
4) a web site filter using Artificial Intelligence (again, many do this but not all) – they watch the web sites you visit and block the dangerous ones automatically,
5) a network Nanny (again many do this but not all) – you can set Internet blackout times (e.g., during homework times when you are at work but your kids are home) so that Internet is not available during these times and you can remotely disable your Internet from a smartphone if you want to, and
6) an active network security scanner (again many but not all do this) – the device can scan your home network for security issues and alert you about what it finds.
Some product examples: Asus Rt87U, Dojo, Norton Core (good home user choice!), Cujo, FingBox.
ANTHONY ENGLISH Vice President, Mariner Security Solutions
PCIP, C|CISO, MCSE, CISSP, CISA, CISM, CGEIT, CRISC, CBCP, CIPP/C, ISO 27001 Master, CTT+, A+, HiTrust Certified CSF Practitioner, ISO27033 Lead Cybersecurity Manager
Anthony is one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards based compliance. He sits on the Standards Council of Canada (SCC) IT Security Techniques committee (MC/ ISO/IEC/JTC 1/SC 27), the Disaster Recovery Institute Canada (DRIC) Certification Committee, Cloud Security Alliance committee on the security of health care data in the cloud and is an Exam Development Volunteer for ISC2. Anthony has worked in utilities, law enforcement, consulting, education, health care, lottery and gaming, auditing and the financial sector.