Imagine sitting in your living room, watching your favorite sports team or working on a mobile device, and suddenly, something catches your eye. You notice the web enabled camera you have set up on the windowsill to catch wildlife movement in your yard is active! Not only is it on, but, it is rotating! It slowly turns around and is videoing activity and movement in the house. Someone is controlling your device and watching you!
Sounds like a scene from a creepy movie doesn’t it? This actually happened in the house of a technology correspondent for the BBC, Mark Ward, as he was doing research for an article on home smart appliance or internet of things (IoT) device security. It turns out that the hackers manipulating Mark’s camera were a couple of security experts demonstrating to Mark how easy it is to gain access to some IoT devices.
An Increased Threat in Your Home
How many devices do you have in your home that have the potential to connect to the internet? Gartner estimates that by 2022, the average home will contain about 500 smart devices. Today, we have devices that will save us money on our utility bill, allow us to turn off an appliance, change the color of the light in the room based on our mood, open the garage door or dim the lights all from an app on our smartphones. Devices such as dimmer switches, smart light bulbs, Wi-Fi-connected electrical outlets and smart hubs are great tools to have around the house and can save homeowners money.
And it’s not just about smart appliances or home features. Some toys have Bluetooth or Wi-Fi that enable anyone – not just the parents – to effectively talk to a child through their toy.(And, if breached, teddy bears with hidden cameras allow someone to listen in on conversations.
The key to remember is that manufacturers of these IoT devices are not necessarily security experts. As we integrate technology into our homes and daily lives, the risks for security issues also increase. It therefore becomes essential for homeowners and technology users to understand and protect systems that connect to the internet and protect the home network.
All of these devices contain a small computer with an operating system. If you can access and control this device, so can someone else. Many times, home network security is overlooked by the thought that a home network is too small or insignificant. That nothing would be gained by accessing it, and it wouldn’t be targeted by a cyber-attack.
But the U.S. Computer Emergency Readiness Team (US-CERT) states that any device that connects to the internet, no matter the size, is vulnerable to a cyber-attack. Our home devices may be attacked, not personally against us, but to be controlled and used in a bigger attack, such as the Mirai Botnet attack in 2016 that affected a large part of the internet in the United States in 2016, preventing access to such sites as Twitter, Netflix, Reddit and CNN. A botnet attack is a group of computerized devices that have been breached and allow the attackers to use that device as part of a larger distributed denial of service (DDOS) attack.
How to Secure the Devices in Your Home
So, does this mean we all need to be network engineers or security architects to qualify for a home loan in the future? Well, let’s hope not. But, if we are going to embrace this technology and ask a digital voice assistant to set the temperature of our bath water or have a robot make us a perfect chocolate milk (shaken, not stirred), we’d better have a grip on some basic understanding of how technology works, the types of threats that exist, how to protect the home network and that out-of-the-box configurations are not the security we need to rely on. Then we can really make great strides in securing our home.
Here are a few basic cybersecurity practices to implement on your home network:
- Change Passwords: Many devices, including home routers and IoT devices, have default passwords that should be changed as soon as the device is out of the box and being connected to the network. Hackers can find lists of manufacturers and their default usernames and passwords so they can gain access to devices whose settings have not been changed. Is your device one of them? You can check sites like RouterPasswords.com for your router’s make and model.
- Update Your Software: Vulnerabilities to software are discovered all the time. Manufacturers release updates that, when installed, will fix the vulnerabilities within the device or computer, making it harder to access. Set a reminder to update all your software regularly – just like you set reminders to change the batteries in your smoke detectors.
- Choose Devices That Update Automatically: If your device updates automatically when updates are released, you don’t have to set a reminder because it will always be running the latest software. When purchasing an IoT device, check the features and choose one that allows you to enable automatic updates.
- Create Unique Logins: Don’t use the same information to log into multiple places. You do not want to log into your smart light switch with the same username and password as your Facebook or Twitter account that would be accessible to someone if there was a breach.
- Install a Network Firewall: A firewall essentially places a barrier around your home, blocking malicious software access attempts. When a firewall is configured correctly, it can prevent malicious applications running on a device inside your home from communicating to the internet. Firewalls may also block certain types of traffic from leaving the home network and can be configured to log traffic coming into or out of the network.
- Disable Wi-Fi Protected Setup (WPS): WPS is a simple way to connect wireless devices to the network by simply entering a PIN instead of a password. Many of the devices using WPS do not have strong lockout policies, so attackers could try as many numbers as possible until entering the right combination and gaining access.
Gaining Basic Cybersecurity Knowledge to Protect Your Home
These are just a few suggestions that may be used to secure your home network. The best defense will begin with the basic understanding of technology and information and how communications are transferred.
CompTIA IT Fundamentals+ is an IT certification that covers many of these concepts. The topics focus on the basics of information technology including understanding what various devices do, how to connect them together and how to troubleshoot them. The certification provides an overview of technology for people who use or work with technology but don’t necessarily do IT.
Get Started with Official CompTIA Training
The Official CompTIA IT Fundamentals+ Study Guide is available now in the CompTIA Store. Learn the knowledge and skills you need to understand how devices are connected, how they communicate and connect to the Internet, and the associated security risks. CompTIA IT Fundamentals+ training can also help you learn the skills you need to prepare for an IT career.
Ready to get started? Download a complete list of exam objectives and practice questions for CompTIA IT Fundamentals+.