Fwd: [CIAD-2020-0044] Security of Smart devices at Home

Description

Smart devices are the everyday items that connect into a common network

that can be independently and remotely controlled. This can include both

'hi-tech' items (smart speakers, fitness trackers and security cameras),

and also standard household items (fridges, light bulbs and doorbells).

These devices can be controlled from smart phone or through a mobile touch

screen device.

These devices are usually connected to the internet using Wi-Fi. It gives a

live camera feed, receive alerts and gives record footage. As technology

development continues to expand, home automation helps us to manage all of

home devices from one place, flexibility for new devices and appliances,

maximizing home security, remote control of home functions, increased

energy efficiency etc.

At the same time, appliances and devices that connect to the internet and

to each other on your home network, becomes an increased risk of becoming

the target of cybercriminals. If your home network isn't secure, each new

gadget represents a potential access point for hackers. These hackers can

steal and misuse your personal information and even take control of those

smart cameras or microphones to spy on you.

Existing vulnerabilities, poor configuration, and the use of default

passwords are among the factors that can aid a hacker in compromising at

least one device in a smart home system. Once a single device is

compromised, hackers can take a number of actions depending upon on the

capabilities and functions of the device.

Beginning from the front door, for example, there can be a smart lock. If

compromised, the smart lock can give hackers control over who comes in or

out of the house.

Or a smart speaker, serves as the conduit for voice-initiated home

automation commands. If compromised, it can allow hackers to issue voice

commands of their own.

Devices like smart robot vacuum cleaners, which have some mobility around

the house, can provide hackers information about the home's layout, which

in turn, can be used by the hackers in planning further activities and

movements.

Portable and wearable smart devices add another layer of complexity to IoT

security concerns, as these devices traverse both enterprise and home

environments. Devices, such as smartwatches are typically brought by users

to the office, and then brought back home at the end of the day. A malware

infection picked up in one environment, can spread to the other if the

"bring your own device" (BYOD) policies in place are weak or if

adequate security measures are not taken to prevent such a threat.

Best Practices for Securing Smart Devices

·        Setting up device: Before buying a new device for your home,

consider doing some research on it. Understand what kind of features and

details are included and pick devices that have clearly considered quality

and security as main features. For setting up a specific device, refer to

the manufacturer's documentation.

·        Use a strongest possible encryption method for Wi-Fi.

·        Set up a Separate Wi-Fi Network for IoT Devices: By creating a

separate network dedicated to your IoT devices, you can safeguard your main

network against IoT threats. Visitors, friends and relatives can log into a

separate network that doesn't tie into your IoT devices. As placing IoT

devices on a different network keeps them detached, if hackers do manage to

get through, they can't access any of your more important devices.

·        Change the default username and password: Cybercriminal uses

these well-known passwords to access the camera remotely and view live

video or images of our home. Avoid common words or passwords that are easy

to guess, such as "password" or "123456."  Instead, use unique,

complex passwords made up of letters, numbers, and symbols for Wi-Fi

networks and device accounts. You may also consider a password manager to

up your security game.

·        Disable the unwanted features. Many IoT devices give you the

ability to control them from anywhere on the planet. But if you only use

them on your home's Wi-Fi connection, disable remote access. Smart

speakers often have Bluetooth connectivity in addition to Wi-Fi. Turn it

off, if you are not using it.

·        Setting up Router: Many routers use technologies called UPnP and

port forwarding to allow devices to find other devices within your network.

Cyber criminals can exploit these technologies to potentially access

devices on your network, such as smart cameras. Disable the UPnP and port

forwarding on the router to prevent cyber-criminal access. Don't stick

with your router's default name, which is usually its make and model.

·        Managing account: Two-factor Authentication provides a way of

double checking and makes much harder for criminals to access online

accounts, even if they know the password.

·        Keep your software up to date: Installing software updates help

keep devices secure. Updates to many IoT devices may not happen

automatically. Hence, do a manual check every few months, and if you find

any pending firmware updates, install them right away. If available, enable

the option to install automatic updates.

·        Protect your smartphone: Most home smart technology and security

systems can be controlled by an app on your mobile phone, so protecting

your smartphone is crucial. Be sure you have your smartphone

password-protected so that if your phone is lost or stolen, no one will be

able to access your home smart tech or security system apps.

·        Audit the IoT devices already on your home network.

·        Watch out for outages: Ensure that a hardware outage does not

result in an unsecure state for the device.

·        Perform a factory reset when malicious control/access of a device

in your home.

·        Perform factory reset before selling the device: If you decide to

sell or give away one of your smart electronics, follow the

manufacturer's instructions to remove all of your data. Otherwise, the

next person who gets their hands on it may automatically access all of your

information or communicate with other devices on your network.

References

rt-home-devices/

in-Your-Smart-Home.aspx