Over the past two months we’ve had the pleasure of interviewing an international panel of cyber security experts for our podcast on IoT threats. Ethical hackers, security vendors, PhD students and professors shared their thoughts on the promises of IoT as well as the challenges of an expanding attack surface. At the end of each interview, we asked the interviewees to provide cyber hygiene heuristics that the average smart home user can implement. These practices won’t make you immune to cyber threats: if the NSA or FSB wants to hack your computer, they will overcome all of these simple procedures. The practices will, however, mitigate attacks by less skilled actors. What follows is a summary of the top four answers. We hope you enjoy the tips and also implement them!

 

Research: Is the device manufacturer a reliable company? Do they take security seriously? Can the device be found via services like Shodan?
Avoid connecting insecure devices to your network, and always ask yourself: what would be the worst-case scenario if this device gets hacked? Then act accordingly.

Segment: If a smart thing in your network is compromised, an attacker can access your entire network and cause harm; avoid this by connecting your IoT devices to a different network (VLAN) than the rest of your computers. This may require some extra hard work if you do not have the Netonomy agent installed, or a security-focused router, but it is not impossible to do and this DIY guide can help.

Password: This should be obvious, yet default passwords are the leading cause of hacked IoT devices, because default credentials are basically publicly available information. So if you haven’t yet changed some default credentials, reset your device and immediately proceed to create a strong and original password.

Update: Pretty self-explanatory. Check periodically whether any of your connected devices has a firmware update or security patch release. Failure to do so will leave you exposed to known vulnerabilities, which can be exploited by malicious actors.

Beyond these basic cyber hygiene practices, it becomes really hard for consumers without technical knowledge to do much more, which is kind of scary. Fortunately, Netonomy’s solution is being implemented across different routers and ISPs to seamlessly bring security and control to home networks, which is the best hope we have to deal with IoT cyber threats today.

 

Tune in every Wednesday for more cyber hygiene tips you can implement in your network!

 

 

For this week’s podcast we had the pleasure of interviewing Cate Lawrence, a technology journalist for ReadWrite and DZone, as well as a freelance writer for various startups. Cate is a big fan of IoT, wearables, robots, AI, biohacking and other trending technologies, which she likes to chat about on her podcast. This interview lasts 15 minutes; feel free to listen to it below or go ahead and read the edit. Enjoy!

Do you live in a connected home with 9 or more connected devices?
Yes, I have some wearables, connected pet products to review, Amazon Alexa, and also RFID and NFC implants… so I guess I’m somewhat connected.

Could you expand on the connected pet IoT devices?
It’s a battery-powered toy for cats, shaped like an egg with a feather, so it looks a bit like a sex toy unfortunately. Basically how it works is that you can make it change noises (bird, frog, etc.) through an app, and when you are not home it rolls around your house and makes noises to entertain your pet. I tried it a few times because I was going to review it, and after a couple of uses the cat hated it because it was too noisy and would wake her up when she was sleeping. So the UX experience was pretty bad.

You mentioned RFID implant, is this for payments or what do you use it for?
You can’t use them for payments at the moment; I got them at a wearables tech conference because I’ve been covering biohacking for a few years. I got some health data stored on them, but besides that I’m not using them much in terms of connectivity. In an ideal world you’d be able to do pretty much anything you can do with a swipe card, but it can be a little bit harder to implement depending on where you live.

As a tech journalist that’s always researching the market, what is an IoT startup that personally gets you excited or afraid of the future?
My favorite is one called ShotSpotter, acoustic sensors that enable the police to detect gunshots through acoustic surveillance. Basically 15-20 sensors are deployed per square mile to triangulate gunshot activity and detect time and location of shootings because a lot of the time people don’t call the police. It just shows that there are a lot of social and community-based problems that technology will have a place in solving; this one example has been very successful, and the funny thing is they are also using it in Africa to prevent rhino poaching and blast fishing.

Taking it back to the consumer side, we have not seen much innovation… how far do you think we are from these sorts of groundbreaking technologies that can take us closer to a Jetsons future?
I know exactly what you mean, at the moment a lot of it is kind of in prototype stage or POC-stuff. But if you think of kitchen products, like ovens and refrigerators, a lot of the big retailers are doing things, like an oven I saw earlier this year that could perfectly cook a fish in a piece of ice by using sensors. There are all kinds of (sometimes bizarre, sometimes really interesting) use cases. I think it’s coming but right now there’s a small number of really innovative products offered at a higher cost, so in terms of scale that’s not going to happen until the prices drop. And the prices are dropping, the cost of sensor technology has dropped exponentially over the last few years, so we will gradually see more and more products.

Cybersecurity is also related to the lack of adoption, do you feel that the lack of consumer IoT endpoint security is a real fear, or are these fears greatly exaggerated?
I don’t think they are exaggerated at all. Researchers have triggered most of the cases we hear about in the media, but we have cybercriminals deliberately committing attacks and the vulnerability of products already in the market is pretty appalling. There are no standards or records, I still hear people telling me: the industry should regulate itself, but I don’t think it should because it’s showing no ability to do that, let’s be honest. Introducing laws is a problem itself; they could be too vague trying to cover every eventuality or so niche that they miss a lot. It’s going to take a really multi-faceted approach, a lot of it is going to be consumers being cyberaware and potentially not buying things if they believe they are insecure.

What are some good cyberhygiene practices that you would recommend to our listeners who live in a connected home?
The first one is to know what devices you’ve got connected to the Internet, it’s amazing, I hear scenarios all the time where people have connected home products but they have no idea how many and therefore have no means or plans to update them when they need to. A lot of this stuff is “power is knowledge”, knowing about risk management, knowing how to identify an email you shouldn’t open, making sure you have multiple passwords and two-factor authentication, making sure your device is not publicly accessible through services like Shodan, and just really questioning the products you get. If you are getting the cheapest products from parts of Asia and they are connected, you might want to check them out a bit, take some care and be vigilant with this stuff. Unfortunately we are in an era where you can’t install once and leave it, things always need updating, so if you see a vulnerability or if you see an alert… update your stuff, stay informed, you don’t need to be hysterically fearful, it’s about making judicious decisions on what you should accept.