Does the Internet of Things Decrease Your Privacy?
Earlier this year, the Internet of Things (IoT) was unveiled at Consumer Electronics Show (CES) in Las Vegas, NV. While this concept is already in practice in one form or another, in short, one piece of the IoT is the ability to set your home up to be accessible from your smartphone or computer. This makes your home a “smart home”. You have the ability to control the lighting, air conditioning, refrigerator, oven, door locks, and just about everything else from your smartphone. IoT is just the latest in smart home technology even though some systems have been around for quite some time. You can, for instance, buy Wi-Fi and Bluetooth-enabled door locks at BestBuy. There are also plenty of connected thermostats, cameras and security systems. But, IoT takes it to a new level, connecting almost everything in your home. Which brings up an interesting question, how safe is it?
Think about it, your home, your private residence, collecting data constantly to make this magic happen. Your thermostat is constantly measuring the temperature and detecting movement to make sure that you aren’t wasting money on heating and cooling when no one is home. Your fridge knows what it contains and how much of each product you have. Your toaster knows how you like your toast done. Door locks that know who unlocked the door or if the door is left unlocked. It is a staggering amount of personal data that gets transmitted over the airwaves, generally via Wi-Fi.
Does this mean you should not buy these products? That is up to you. Some of these products can be very beneficial to your everyday life, but there is always the potential for hacking and theft.
There are many things you can do to better secure these devices. Most of which will need to be done by a network technician. First and foremost, however, you must prevent your smart home devices from connecting to the outside world. Generally, the way these systems are set up is they connect to a special central secure device in your home. This more secure device is what accesses the outside world and allows you to turn your lights on or off from several thousand miles away. However, there are devices out there that do not have this central system and connect to internet on their own, this is where the danger comes in.
Here are some ways to reduce the risk and it starts before purchase:
Select device manufacturers carefully. Some companies are pretty cavalier with your private information. The larger companies are going to do a better job protecting you than can the smaller companies. However, larger companies are a bigger target since they have a larger market share. Check out the manufacturer’s security and privacy policies. Does the manufacturer sell your data? Do they store any of your data?
As you begin setting all of these IoT devices up, change the password used to login to the router immediately. This will greatly increase your security by changing the easily obtained default username and password.
Setup WPA2 encryption in your home Wi-Fi. Use a strong Wi-Fi passphrase and keep it safe (Give it to no one). Use of this type of encryption will greatly reduce a hacker sitting outside your home from hopping onto your network.
Make sure you keep your router's firmware up-to-date. New routers right out of the box probably need to be updated. There should be a menu option for doing so right from the router’s interface.
Do not connect any of the IoT devices directly to public internet addresses. Use a router that has a firewall or at least Network Address Translation (NAT). This ensures that your devices can’t be discovered on the Internet.
Disable Universal Plug and Play (UPnP) on your router. This greatly increases security by preventing devices from opening up holes in your router’s firewall.
Examine each device’s privacy and security settings and remove everything you don't need. Some of these new devices have very few settings to change. However to the extent that they have settings that you can change turn off the things that you don’t need. As an example, as we wrote about recently, the voice commands feature in your Smart TV may be a significant risk. If you aren’t using the feature, turn it off. If you decide later to use the feature, you can certainly turn it back on.
Most of these IoT devices need to be registered to a cloud service before they can be used or accessed remotely. When registering the device or setting up an account, use a strong and unique password. Keep your cloud account’s strong and unique password safe. If you suspect some sort of hack into your account, change your password immediately.
Since many of these accounts require the registering of an email address. Force yourself to have a strong and unique password on your email account. Keep this password safe.
If any of the accounts allow for 2 Factor Authentication, use it! 2 Factor Authentication requires you to identify yourself in two (or more) ways. This is a good thing and provides much better security than single-factor authentication.
Always, keep your computers, tablets, mobile devices and cell phones free of malware. Use an anti-virus / anti-malware program. Keep the software up to date. This will help prevent a virus or other malware from stealing your password which would then allow the malware’s owner access to your IoT devices.
When it comes to smart locks, think carefully, then think again and think once more. If you're one of those people who leaves a key lying around, say under the doormat or in the flower pot, well then you may be more secure with a smart lock.
Cameras require a similar degree of thought. Turn off any cameras that you don’t use regularly. No sense in adding a way for hackers to see who is home and what they are doing.
