 |
Image credit to Neil Hughes |
We live in an exciting time with useful the new devices that allow us to access and monitor or manage remotely. Unfortunately many of these cool new devices are configured with little or no security or privacy controls to prevent others from accessing data or the device out of the box. Devices may be configured with insecure passwords (such as "password" or "1234"), security services turned on (such as telenet) or apps that allow any user to bypass authentication. Instructions may be written without regard for controls that must be applied, installers aren't configuring them or consumers do no have the knowledge/skills to make changes.
The problem is that developers of the new IoT devices want a piece of the pie. If they make their devices too complicated to install or use consumers will pass by them for a device that is simple. Also, they want their product to hit the shelves quickly. Bottom line is that each time information, data or equipment is compromised by hackers we all pay. We've probably all heard about baby monitors being accessed by hackers as well as the recent breach of celebrity images. It's a big problem that will only get larger as time goes on.
Most consumers want the technology today and they don't want to learn something new to make it work. The obvious solution is for the developers to build their devices securely before the product hits the market. An organization called OWASP has developed a guide called the "Top 10 Web Vulnerability" list as well as a resource site "BuildItSecure.ly" that provides security best practices.
The problem is developers can't fix the problem with code alone, they need consumers to meet them half way. A few steps consumers need to follow include:
- Install and configure a firewall on your home network. Change the default login password (these passwords are accessible with a simple google search) on the router.
- Install a full service virus protection program that includes malware protection, a software firewall and a website advisor.
- Never install pirated software. Beware of sites like downloads.com where software may be laced with malware.
- Be conscious of clicking on email messages with attachments. Malware is often installed from email attachments. Take a few minutes to think about the validity of the information in an email message.
- Be careful about using public wi-fi hotspots. Many devices exist that allow a bad guy to capture your information from a public hotspot without you even knowing about it. (Check out this website to learn more about the Wi-Fi Pineapple: https://hakshop.myshopify.com/products/wifi-pineapple)
- NEVER click on a pop-up window that tells you that your computer is infected with a virus.
- Report phone calls from strangers who tell you your computer is infected. This is a SCAM!
- Be very selective about the kinds of information you share on social media. The internet never forgets. Privacy controls change regularly without your knowledge on several social media sites. Really, you don't need to share everything!
- Keep your computer operating system updated. Review the software installed on your computer and connected devices. Do not install programs you don't need and keep them updated.
- Be careful about the Internet sites you visit. Pay attention to your internet website advisor.
