The Internet of Things (IoT) has amazing potential to change our lives. It also has amazing potential to let cybercriminals into
your IoT home network.
You have an IoT Home Network if you have a Wi-Fi router (it
is an IoT device) as well as any smart device like a security camera, smart
speaker/TV/appliance or even your Wi-Fi connected car.
The Internet of Things (IoT) has the power to make our lives easier and more convenient. By 2020, there will be more than 20.8 billion Internet-linked consumer devices in homes around the world. These include smart locks, doorbells, cameras, microwaves, home appliances, air conditioning, lights, power management and so much more.
An unsecured IoT home network is a cybercriminal’s ‘buffet.’
In 2016, most of America’s East Coast internet went offline because of a botnet. The Mirai malware attack took over more than 2.5 million IoT devices in home and small business networks up and down the coast.
Since that time, this same malware has hit 100,000 telecommunications customers in the UK and 900,000 in Germany. Because the Mirai botnet uses open source coding, it evolves from attack to attack, and hacker to hacker, staying one step ahead of security experts’ efforts to permanently eradicate it.
Threats like this raise questions: How is this possible?
What can we do to protect our home networks without giving up the perks of high-tech innovation?
GadgetGuy collaborated with Sam Bocetta, a freelance journalist specialising in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography, to provide top tips to secure your IoT home network.
Security concerns inherent in any IoT Home network
The fast proliferation and increased connectivity of smart home systems in Australia highlight the benefits of IoT home networks – and the potential for problems.
The same issues that make web pages insecure also affect your IoT home network. Most IoT devices run a small web interface to allow internet connection to them.
The Mirai botnet attacks IoT ‘web-servers’ using common login/password pairs like admin/admin.
Mirai works because many people never change the factory defaults (and we need these initially to set up the IoT device). Mirai inserts malicious code into vulnerable devices that can spread to every other device on the network.
On April 23, 2016, the VideoLAN Organization visually recorded a DDoS attack on its servers. Botnets relentlessly attack IoT devices until they find a weakness – or they move on.
If such attacks
confound security experts, how can the average homeowner dream of keeping their
According to a Symantec study, there was a 600% increase in attacks on IoT networks between 2016 and 2017. Not promising – expect this trend to intensify.
Your five-Step Plan for IoT Home network security
These strategies are just a starting point for securing IoT home networks. If you have a craving to get next-level serious about preventing hacks of your system, read this report on strategic IoT installation from US Homeland Security.
1. Put your home network security before your convenience
Security experts shudder at IoT and any device having unfettered access to the internet – it is like unprotected sex.
Understand that the same network IoT devices connect to also gives access to computing devices that may hold sensitive personal and financial information and passwords. IoT is a backdoor and a hacker’s buffet.
How do you think about security?
Research any IoT appliance, accessory, and device before
purchase. Search for the brand/model and the words vulnerabilities and hack. In
many cases, the hack loophole has been fixed so ignore old reports. It is a good
start to think security and to design the entire IoT network from a safety, not a convenience point-of-view.
2. Secure your network
Once you have chosen the most secure devices and appliances
you can find, it’s time to consider the security of the network itself.
Get rid of default
One of the main IoT vulnerabilities is using default or weak
passwords. When you install a new router or add new devices to the network, be
sure to change the password to something new and hard to guess.
Current best practice is a password at least 12 characters long with a mixture of upper-case and lower-case letters, numbers, and symbols. You must create a separate password for each device and one for the network and change them every three months. Adding multi-factor authentication into the mix wouldn’t be a bad idea either.
The good news is that there is a variety of free or low-cost, easy-to-use password managers to keep you from having to remember them all. GadgetGuy recommends the free or premium LastPass that works on Windows, macOS, iOS and Android. It puts all passwords into its secure vault and, when it detects that you need to enter a login or password, auto-fills it for you. You can change your passwords regularly using its password generator.
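One way to apply the password rules above, as an added example that is not from GadgetGuy or LastPass: it issues a distinct password per device and reports which rules an existing password breaks. The symbol set, the short list of defaults and the device names are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 12                      # minimum length given in the article
SYMBOLS = "!#$%&*+-=?@^_"            # assumed set; trim to what each device accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Illustrative factory defaults of the admin/admin kind, not an exhaustive list.
KNOWN_DEFAULTS = {"admin", "password", "12345678", "root", "guest"}
RULES = (("upper-case letter", str.isupper), ("lower-case letter", str.islower),
         ("number", str.isdigit), ("symbol", lambda c: not c.isalnum()))


def policy_failures(password):
    """Return the rules this password breaks; an empty list means compliant."""
    failures = []
    if password.lower() in KNOWN_DEFAULTS:
        failures.append("factory default")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    for name, matches in RULES:
        if not any(matches(c) for c in password):
            failures.append("no " + name)
    return failures


def generate_password(length=16):
    """Draw from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


def passwords_for(devices):
    """Issue one distinct password per device, so none is shared."""
    issued = {}
    for device in devices:
        password = generate_password()
        while password in issued.values():   # collision is improbable but checked
            password = generate_password()
        issued[device] = password
    return issued


if __name__ == "__main__":
    print(passwords_for(["router", "camera", "smart-tv"]))  # constructed names
    print(policy_failures("admin"))
```

Store the generated values in the password manager rather than in a file next to the script.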
3. Segment networked
There is much support
for having separate networks for IoT and
computing devices. This is the tech
equivalent of not keeping all your eggs in one basket.
This step is the hardest for Joe and Jane Average. There are
a few options.
Easiest, more costly and probably the most secure:
This router protects the network from botnets and hack
attacks as well as performing as an AC2600 router. It checks for default
passwords and advises you of those IoT devices using them. It can also protect online
and mobile devices.
The downside is that an AC2600 router may not have the bandwidth for a large Aussie home nor the 20+ devices typically found on the network. GadgetGuy recommends adding it to your existing home network.
Easy, no or low cost and
Connect all IoT devices to a guest network
Assuming you already have a Wi-Fi and cabled home network set
up you can use the Guest network option if it separates the traffic to a different
For example, the main network may be 192.168.0.1-256 and guest network 192.168.1.1-256 – traffic cannot pass between insecure IoT and sensitive computers. The easiest way to check is to turn on the guest network and log in via a smartphone to see your IP address. If it is a different subnet, it is a separate network.
The only downside is that you need to log into the guest
network to use the apps that may control IoT.
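The subnet check described above, as an added example that is not part of the original article: given the address your phone received on the main network and on the guest network, it reports whether the two fall in the same subnet. The sample addresses are constructed, and the 255.255.255.0 mask is an assumed default; use the mask your phone actually shows.

```python
import ipaddress


def same_subnet(main_ip, guest_ip, mask="255.255.255.0"):
    """True if both addresses fall inside one network under the given mask."""
    main = ipaddress.ip_interface(f"{main_ip}/{mask}")
    guest = ipaddress.ip_interface(f"{guest_ip}/{mask}")
    return main.network == guest.network


def check_guest_separation(main_ip, guest_ip, mask="255.255.255.0"):
    """Return a short verdict for the two addresses a phone was given."""
    try:
        shared = same_subnet(main_ip, guest_ip, mask)
    except ValueError as err:  # e.g. an octet above 255 or a malformed mask
        return f"invalid input: {err}"
    if shared:
        return "same subnet: guest network is not separated"
    return "different subnets: guest traffic is addressed separately"


if __name__ == "__main__":
    # Constructed readings: phone on the main Wi-Fi, then on the guest Wi-Fi.
    print(check_guest_separation("192.168.0.23", "192.168.1.40"))
    # Same two addresses with a wider mask: the third octet differs,
    # yet both sit in 192.168.0.0/16, so they share one subnet.
    print(check_guest_separation("192.168.0.23", "192.168.1.40", "255.255.0.0"))
```

A different subnet shows that the router addresses guest clients separately; whether it also blocks traffic between the two networks depends on the router's guest isolation setting, so confirm that option is enabled.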
Harder, more costly and most secure
Leave your existing network as is for your computers and smartphones.
Get a second router or a D-Link D-Fend and connect it to the Internet gateway WAN via an Ethernet cable. This is like the guest network option but physically isolates the two networks.
Look for a router that supports a paid VPN service that
supports L2TP/IPsec (easy and secure) or DD-WRT Open VPN (much harder but rock-solid
A VPN masks your identity, location, and data flow in either direction by establishing a secure ‘tunnel’ between the network and open internet. All traffic uses encryption – choose a VPN provider with the latest encryption protocol – military-grade 256-bit AES.
This option is best as it keeps traffic off the main network, you can use mesh or access points
to expand the IoT coverage area, and the VPN stops botnets in their tracks.
4. Install security
Layers of security provide more safety for your network. If one layer is breached, other functioning protection remains in place. To use an analogy, what is the point of locking the front door if the back door or windows allow access? Security software is end-point protection – it sets up a defensible perimeter around the computer or
There are lots of good
anti-virus/malware products including Norton, McAfee, Trend Micro, Kaspersky,
ESET, Check Point, Bitdefender and more.
5. Keep everything up
Regularly check that your router, IoT devices and appliances have up-to-date firmware and apps. Do this via the IoT app, router administration page or the device itself. Make a recurring calendar note to do this, preferably monthly – at least quarterly.
The same goes for your anti-virus and anti-malware software
and the operating system that powers your devices. Install manufacturer updates
as soon as they are available.
Confused – it may be
good to consult an expert before embarking on IoT
Don’t call GadgetGuy – we don’t provide that service. If you
are techy, then IoT security is a walk in
the park, and you will go OpenVPN.
If you are not, take this
article to your local computer fix-it guy and discuss options with them. A couple of hours is all that it should take.
Home Automation can be a double-edged sword. Until tech
experts find a comprehensive way to balance convenience with security, we
humans with IoT home networks are the nervous first line of defence against
malicious intent. And humans are the weakest
link in the chain.
Malware and other security threats will continue to seek to
exploit inherent network vulnerabilities.
Make it harder for hackers and their botnets to gain access to home and business IoT networks.