Today, in addition to computers, smart-phones and tablets, there are many more devices in our daily lives that are connected to the internet. We are using very different types of connected devices in our life. They do not have traditional shapes like a PC, laptop or tablet but they may have theoretically any shape.
For example, Amazon Echo is a cylinder which stands on your desk. You wear your smartwatch or your activity tracker on your wrist. Your Google Glass or your wearable cameras will capture everything in your daily life. You will not need your traditional TV antennas. Your ChromeCast or Roku devices will stream via internet whatever you like to watch.
Our homes are getting smarter every day and it I already possible to use smart household appliances connected to internet. It is even possible to use connected bulbs which can be controlled via internet. Smart televisions are one of the important part of our daily life with their internet connection functionalities.
Surveillance systems have been using cameras with internet connection for several years and we have baby monitoring systems with camera and microphone enabled and connected to internet.
Kids are playing with smart toys which have cameras, microphones and internet connections.
Connected devices are changing our life, helping us to increase our quality of life and providing new opportunities in our daily lives. However, every advantage comes with some risk and connected devices are no exception.
First of all, connected devices collect lots of private information about you and your daily life. For example activity tracking devices collect information about your daily activities, your location, information about your health and even conversations. Therefore, it can be very easy for any attacker to collect private and sensitive information about you.
If you continue to use your Bluetooth connection without any security settings, you may be bombarded by commercials while you are shopping or walking around the shops. It is also possible to get copy of your data on your phone or device and any attacker can copy all your photos, account information, contact information and other data stored on your device via unprotected Bluetooth connection. Here are the list of other types of risks:
- Applications running on connected devices which do not have very strong security settings
- Applications running on connected devices have more security vulnerabilities than our traditional computing devices, which lead to more attacks
- Attacker can install his or her own software on your device
- Attacker can take control of your device.
- Attacker can use your device to attack other systems. Therefore, they can hide themselves behind your devices and your data.
- Attackers can use your device as a proxy and they can browse the internet anonymously. Every system and website will see your internet address while the attacker is using your device
- Attackers can take control of your system.
- If you have any device with a camera and/or microphone, an attacker can enable the camera and starts to see everything around the device. If your device is in your home, the attacker will be able see inside of your home or office. An attacker can also listen to your conversations or record every conversation in your home or office.
- Attacker can take control of your connected device and stop, disable your device or change the settings on your device and hence you can see very weird behaviors. For example, attacker can increase the temperature in your refrigerator and we may lose every food in your refrigerator. Or attacker can dim your lamps, increase or decrease the temperature setting for your home or detect whether you are at home or not.
- Activity tracking devices provide various information about you.
- Attacker can see where you are.
- Attacker can collect information about your health.
- Attacker can get information about your daily routines and/or activities
- Attacker can install his or her own software on your device
- Attackers can send any image to your smart TV or your screens using any type of streaming device such as ChromeCast, Roku, or Amazon Fire
Security Tips and Recommendations
Change the Default Passwords
When you start to you your device for the first time, change the default password, if there is any.
Always isolate your connected devices from other devices or users by using a firewall. If you are using your device at home, always enable your firewall on your wireless internet router.
Configure Device Matching Settings
Almost every connected device has some sort of setting to match your device with one or more of your other devices including your laptop, your smart-phone or tablet. Match your device with your others and restrict the devices that can communicate with your device.
Update Your Device
Since the implementation of internet functions on connected devices are not very mature, there might be various number of vulnerabilities. Therefore, it is necessary to continuously update the software running on your device.
Always Enable Access Control
Although some of the devices do not have an access control system, some connected devices started to offer access control mechanism to authenticate the device or users wanting to make a connection with the device. If you have any type of access control system on your device, enable it and set a strong password.Disable Bluetooth:
Some devices come with a Bluetooth connection option. If you are not using your Bluetooth connection, disable it.
Match Bluetooth Devices
If you need to use Bluetooth connection, please be sure to verify the connected devices and set the connection passwords offered by Bluetooth systems.
Change the default Bluetooth codes or passwords.
Use complex key combinations other than easily predicted default key combinations such as “0000” or “1111”.
Public and Free Wi-Fi Connections
Public free Wi-Fi services provide convenient service. However, they introduce huge risks for connected devices.
It is recommended not to connect your connected devices to free public WiFi networks.
Set a strong password and change your passwords as frequents as possible.
If you have difficulty to remember your password, you can use special applications called “password vaults”. You can find some examples of password managers below:
If you see any suspicious activity or if you are the victim of an identity theft, contact IT Services for assistance.