Everything seems like it is connected to the Internet, just about, including TVs, home thermostats, sprinkler controls, door locks, egg trays (yes, there’s an app for that), tooth brushes (cray cray), and more.
A study by HP shows that 70 percent of devices have vulnerabilities. Researchers have revealed that most of the devices in their study, plus the devices’ mobile and cloud applications, had a welcome mat for hackers.
Most of these devices had weak passwords (like qwerty) or weakly protected credentials (unencrypted): beacons for hackers. Seventy percent of the devices lacked encryption. Sixty percent had insecure software updates.
The Open Web Application Security Project notes that vulnerabilities include poor physical security of devices. Gartner, an industry analysis firm, predicts that over 26 billion items, by 2020, will be connected to the Internet. And this includes all sorts of stuff in your home.
All these “smart” devices are a little too dumb and need even smarter protection. The more connected you and all the things in your home are, the more vulnerable you truly are.
Just think of how much of your personal information gets all over cyberspace when you’re so connected, including where your person is at any moment and medical details. Its these “peripheral” devices that connect to your wired or wireless network that in some way connect to your desktop, laptop, tablet or smartphone that criminals are after. Once they hack, say your thermostat, that may give them a backdoor to your data.
Device makers are not bound by any policies to regulate safety/security, making the instruments highly prone to cyber criminals. Worse, most people don’t know how to spot attacks or reverse the damage.
So how do you create a “smarthome”?
- First, do your homework. Before you purchase that smarthome device, take a good hard look at the company’s security policy. How easy can this device be updated? Don’t make the purchase if you have any doubts. Take the time to contact the manufacturer and get your questions answered. Know exactly what you’re about to sink your teeth into.
- Your device, new or old, should be protected with a password. Don’t keep saying, “I’ll get around to it.” Get it done now. If you’ve had a password already, maybe it’s time to change it; update them from time to time and use two-step verification whenever available. If you recently created a new password for security purposes, change it if it’s not long, strong and unique. A brand new password of 0987poi is weak (sequential keyboard characters). Criminals are aware of these kinds of passwords in whats called a “dictionary attack” of known passwords.
- Make sure that your software/firmware is updated on a regular basis. If you see an update offered, run it, rather than getting annoyed by it and clicking “later” or cancelling it. The updated version may contain patches to seal up recently detected security threats.
- Cautiously browse the Internet. Don’t be click-happy. Make sure whenever using a wireless connection, especially those that are free public WiFi use Hotspot Shield to encrypt your data in transit.
- Don’t feel you must click on every offer or ad that comes your way, or on links just because they’re inside e-mails. Don’t click on offers that seem too good to be true.
- Your mobile devices should be protected. This doesn’t just mean your smartphone, but the smart gadgets that your smartphone or tablets control, like that egg tray that can alert you when you’re running low on eggs.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- 5 Mobile Internet Security Lessons
Do these things every day religiously and you will be more secure using your mobile devices: Be careful on social sites: When logging on via mobile, know that among Facebook’s billion users, thousands or hundreds of thousands of criminals are out there too and targeting its users. Hackers are creating viruses that specifically target Android users
- 10 Tips to Better Password Security
Now that Apple has rolled out its new “Touch ID” fingerprint biometric technology, none of us ever has to enter a password ever again….NOT. While biometrics is certainly an option for authentication and a fingerprint is the most likely method of password deployment, it will be a long time until (if ever) a fingerprint is
- New year, new Passwords, here’s how
You must change your passwords like you must change your bed sheets. This is not up to negotiation, thanks to the influx of viruses, malware, phishing sites and key loggers. Changing a password means having a new password for all of your accounts rather than using the same password. Imagine what would happen if someone got
- 11 Ways to prevent your Email from getting hacked
#1. Whenever possible, configure your Internet connection to always use HTTPS. This is the “https” that appears before the “www” in a Web address, and the https is preceded by a padlock icon. For Gmail, this works by clicking Settings in the top right; select the General tab, then hit Always use HTTPS, then save this
- Securing Your Mobile in Public Places
What would cause you more grief: your wallet being lost or stolen, or your mobile phone? I’ve read studies that showed that more people would be at a loss without their mobile device. This makes sense for a number of reasons. Your wallet itself might cost 20 bucks and the cards and IDs are free