How to Prevent Security Issues With IoT Technology
Botnets are something you should be aware of
At the risk of sounding like a B-movie plot, your internet connected appliances could be ganging together with other smart devices, webcams and Wi-Fi routers in the neighborhood to plot a massive cyber-attack.
To be fair, the friendly metal box that keeps your groceries chilled is not to blame. It is an overall lack of security in the circuitry of Internet of Things (IoT) devices such as smart appliances, home alarm systems, thermostats, baby monitors, pool heater controls, door cameras and other items connected to the internet that can be accessed and controlled by cybercriminals.
Couple a consumer’s passion for internet connected gadgets with vulnerable wireless routers and computers, and an entire network of malware infected devices, called a botnet, can be activated and remotely controlled by botmasters to orchestrate a large-scale attack. Because botnets invade at a level deeper than normal viruses, users often don’t know their system is infected.
Botnets aren’t solely a tool of cybercriminals. Similar connected networks of computers are actually quite useful, and have many practical business applications, such as managing chatrooms and performing repetitive tasks.
The problem of malicious botnets, however, is real, and very serious. Compromised home devices have already caused immense internet outages. Using millions of botnet-infected member devices, Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was hit with a massive distributed denial of service (DDoS) attack in 2016, when a botnet flooded servers with millions of fake requests for information, knocking them offline and taking down a significant portion of the internet.
Industry experts predict if there is not an immediate and radical change to security of IoT devices, botnets could take down the entire internet in the future. Botnets also commit e-banking fraud and illegally mine cryptocurrencies such as Bitcoin.
How botnets work
The term botnet was coined from combining robot with network. A bot in this case is a device, such as a smart refrigerator connected to the internet through your home wireless router, that becomes infected by malware, which then becomes a soldier in a network army of infected devices controlled by a single attacker or attack group.
Botnet malware scans the internet for vulnerable devices. One area of potential weakness are devices and wireless routers that don’t have a secure password. Once enough devices are infected, botnets carry out automated tasks, such as diverting fraudulent traffic to certain fake web advertisements.
One smart refrigerator will not have enough bandwidth to cause much damage, but combine that with millions of devices from homes across a wide geographic area, and a cybercriminal has enough power to launch a major attack.
Preventing botnet attacks
Botnets are hard to detect, even on a computer, because they operate on a deeper level than most anti-malware software can detect. But there are a few things consumers can do to prevent a botnet invasion.
Protect your router
It is crucial for all home users to reset the factory password that came with their regular or Wi-Fi internet router. Default factory passwords are easily obtainable. Hackers can discover an unprotected router, or hack into one with a factory password, within a few hours of connecting to a network.
If your router is older than five years, consider replacing it so that the security protocols stay up to date.
Create a strong Wi-Fi password with a unique combination of upper and lowercase letters, numbers and symbols. When setting up your network, use a strong form of Wi-Fi encryption such as WPA2.
Help your parents, grandparents and other seniors in your life with router passwords and setting up a secure home network. If it is not in your wheelhouse, a mobile computer service person can do this task for an affordable rate—just make sure they are licensed and bonded. You don’t want the neighbor kid having your crucial passwords.
Bluetooth wireless devices are relatively secure because they operate over a short range and are therefore not efficient to join an army of infected devices.
The only fail-proof protection from a vulnerable device is to not use it
Be suspicious of every device that connects to the internet. There are so many out there, to come up with a complete list would be impossible. Part of the issue is that creating stronger security is expensive, and often, device manufacturers are unwilling to add to their costs. Many IoT devices do not come password protected, or if they do, passwords are hardwired and users are not allowed to make changes.