Post written by Joel Scharlat, IVEA Consulting
[The following is an adapted excerpt of a previously posted blog article. The full post can be read here.]
Now that the holidays are behind us, we can begin to slowly wean ourselves off peppermint mochas, candy canes, and hot chocolate. For anyone who received a smart anything this year, it’s also time to enjoy our gadgets. This influx of smart gadgets into our homes offer the promise of convenience that ranges from the (almost) satirical real-time messaging your refrigerator sends when your milk needs to be replenished, to the security-conscious ability to turn your house lights on when you approach your house, to the advertised energy savings provided by adjusting the temperature of your house based on whether or not you are there.
IoT and smart devices are connected to the internet somehow, often using WiFi or Bluetooth. Some devices use cellular technology to connect to the internet. This provides the convenience of viewing the data collected by these devices from anywhere. Literally. Do you want to see who just rang the doorbell at your home in California while you’re in that board meeting in New York? Connect to your smart doorbell. Are you worried that your dog sitter is just eating your snacks and watching your TV while Fido gives her a longing stare with his favorite toy tucked between his paws? Dial up your web-enabled camera to check it out. Are your in-laws coming over to finish off the holiday leftovers but you’re stuck in traffic and can’t let them in? Fire up your smartphone app and open the garage door for them and even turn off your home alarm. Super easy, super convenient and the possibilities are growing daily.
The problem is, most consumers aren’t thinking about security and the risks associated with IoT devices. The IoT/smart device market is still in its infancy which means consumer demand is outpacing the creation of industry standards and implementation of best practices as companies race to get their devices to market and take advantage of the growing demand. Often times this leads to some very basic issues. For example, devices are programmed using standard usernames and passwords (think “admin“/“password“) as login credentials in order to make it easier for consumers to smoothly connect to it from anywhere in the world. This leaves the virtual door wide open for nefarious actors to access your new smart device or the network they are connected to. Great, you can see when I need more milk, what’s the harm in that? Maybe you wouldn’t mind picking some up on your way over. Then, because you’re in my network, you can just let yourself in through the garage door and turn the alarm off too. But be a pal and reset the alarm and close the garage door on your way out, please.
While slightly tongue-in-cheek, the above example takes a leap from accessing a smart-fridge to illegal entry into my home. But it is not that far-fetched. So how do you protect yourself? As a consumer, you should become more educated about these devices, the devices’ potential security risks, and how it affects their lives. While it is often impractical for consumers to hire cybersecurity firms to ensure their smart devices are properly connected to their home networks and protected from known vulnerabilities, consumers should at least understand basic cybersecurity principles including using proper passwords and other best practices. The key for consumers is to understand and balance risks with any benefits, perceived or actual. This way, they can make informed decisions on which devices to buy and implement.
The full post can be read here.
Do you want to know more? Join the Loudoun Chamber’s Technology Coalition.