The Internet of Things (IoT) has amazing potential to change our lives. It also has amazing potential to let cybercriminals into your IoT home network.
You have an IoT Home Network if you have a Wi-Fi router (it is an IoT device) as well as any smart device like a security camera, smart speaker/TV/appliance or even your Wi-Fi connected car.
The Internet of Things (IoT) has the power to make our lives easier and more convenient. By 2020, there will be more than 20.8 billion Internet-linked consumer devices in homes around the world. These include smart locks, doorbells, cameras, microwaves, home appliances, air conditioning, lights, power management and so much more.
A quick overview of the IoT home network.
The real problem is that escalating use of IoT leads to home network congestion and often gaping security holes.
An unsecured IoT home network is a cybercriminal’s ‘buffet.’
In 2016, most of America’s East Coast internet went offline because of a botnet. The Mirai malware attack took over more than 2.5 million IoT devices in home and small business networks up and down the coast.
Since that time, this same malware has hit 100,000 telecommunications customers in the UK and 900,000 in Germany. Because the Mirai botnet uses open-source code, it evolves from attack to attack, and hacker to hacker, staying one step ahead of security experts’ efforts to permanently eradicate it.
Threats like this raise questions: How is this possible?
What can we do to protect our home networks without giving up the perks of high-tech innovation?
GadgetGuy collaborated with Sam Bocetta, a freelance journalist specialising in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography, to provide top tips to secure your IoT home network.
Security concerns inherent in any IoT Home network
The fast proliferation and increased connectivity of smart home systems in Australia highlight the benefits of IoT home networks – and the potential for problems.
The same issues that make web pages insecure also affect your IoT home network. Most IoT devices run a small web interface to allow internet connection to them.
The Mirai botnet attacks IoT ‘web-servers’ using common login/password combinations like admin/admin.
Mirai works because many people never change the factory defaults (and we need these initially to set up the IoT device). Mirai inserts malicious code into vulnerable devices that can spread to every other device on the network.
On April 23, 2016, the VideoLAN Organization visually recorded a DDoS attack on its servers. Botnets relentlessly attack IoT devices until they find a weakness – or they move on.
If such attacks confound security experts, how can the average homeowner dream of keeping their system safe?
According to a Symantec study, there was a 600% increase in attacks on IoT networks between 2016 and 2017. Not promising – expect this trend to intensify.
Your five-step plan for IoT home network security
These strategies are just a starting point for securing IoT home networks. If you have a craving to get next-level serious about preventing hacks of your system, read this report on strategic IoT installation from US Homeland Security.
1. Put your home network security before your convenience
Security experts shudder at IoT and any device having unfettered access to the internet – it is like unprotected sex.
Understand that the same network your IoT devices connect to also reaches computing devices that may hold sensitive personal and financial information and passwords. IoT is a backdoor and a hacker’s buffet.
How do you think about security?
Research any IoT appliance, accessory, and device before purchase. Search for the brand/model and the words vulnerabilities and hack. In many cases, the hack loophole has been fixed so ignore old reports. It is a good start to think security and to design the entire IoT network from a safety, not a convenience point-of-view.
2. Secure your network
Once you have chosen the most secure devices and appliances you can find, it’s time to consider the security of the network itself.
Get rid of default passwords
One of the main IoT vulnerabilities is using default or weak passwords. When you install a new router or add new devices to the network, be sure to change the password to something new and hard to guess.
Current best practice is a password at least 12 characters long with a mixture of upper-case and lower-case letters, numbers, and symbols. You must create a separate password for each device and one for the network and change them every three months. Adding multi-factor authentication into the mix wouldn’t be a bad idea either.
The good news is that there is
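The password rules above (no factory defaults, at least 12 characters, all four character types, a separate password per device), as an added example that is not part of the original article. The inventory is constructed, and the default list other than admin/admin is a placeholder assumption.

```python
import string
from collections import Counter

# admin/admin is the pair the article names; the other entries are
# constructed placeholders for this example.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}


def password_problems(username, password):
    """Return the article's rules that this credential breaks."""
    problems = []
    if (username.lower(), password.lower()) in FACTORY_DEFAULTS:
        problems.append("factory default")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    return problems


def audit(inventory):
    """inventory: {device: (username, password)} -> {device: [problems]}."""
    uses = Counter(password for _, password in inventory.values())
    report = {}
    for device, (username, password) in inventory.items():
        problems = password_problems(username, password)
        if uses[password] > 1:  # the article asks for one password per device
            problems.append("reused on another device")
        if problems:
            report[device] = problems
    return report


# Constructed home inventory; keep real credentials in memory only.
SAMPLE = {
    "router": ("admin", "admin"),
    "camera": ("owner", "Blue-Kettle-42-Lamp"),
    "doorbell": ("owner", "Blue-Kettle-42-Lamp"),
    "speaker": ("owner", "Quiet!River7Stone"),
}

if __name__ == "__main__":
    for device, problems in audit(SAMPLE).items():
        print(f"{device}: {', '.join(problems)}")
```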
3. Segment networked devices
There is much support for having separate networks for IoT and computing devices. This is the tech equivalent of not keeping all your eggs in one basket.
This step is the hardest for Joe and Jane Average. There are a few options.
Easiest, more costly and probably the most secure:
Buy D-Link’s $499.95 D-Fend McAfee embedded router.
This router protects the network from botnets and hack attacks as well as performing as an AC2600 router. It checks for default passwords and advises you of those IoT devices using them. It can also protect online and mobile devices.
The downside is that an AC2600 router may not have the bandwidth for a large Aussie home nor the 20+ devices typically found on the network. GadgetGuy recommends adding to your existing home
Easy, no or low cost and adequate security
Connect all IoT devices to a guest network
Assuming you already have a Wi-Fi and cabled home network set up, you can use the Guest network option if it separates the traffic to a different ‘sub-net’.
For example, the main network may be 192.168.0.1-256 and guest network 192.168.1.1-256 – traffic cannot pass between insecure IoT and sensitive computers. The easiest way to check is to turn on the guest network and log in via a smartphone to see your IP address. If it is a different subnet, it is a separate network.
The only downside is that you need to log into the guest network to use the apps that may control IoT.
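The subnet comparison described above, as an added example that is not part of the original article. It takes the netmask into account, because 192.168.0.x and 192.168.1.x are only different subnets when the mask is 255.255.255.0; the device list is constructed.

```python
import ipaddress


def network_of(address, netmask):
    """Subnet for an address/netmask pair as shown on a Wi-Fi details screen."""
    return ipaddress.ip_interface(f"{address}/{netmask}").network


def same_subnet(main, guest):
    """main and guest are (address, netmask) tuples read from two devices."""
    return network_of(*main).overlaps(network_of(*guest))


def iot_on_computer_subnet(devices):
    """Names of IoT devices whose subnet overlaps that of any computer."""
    computers = [network_of(addr, mask)
                 for _, addr, mask, kind in devices if kind == "computer"]
    return [name for name, addr, mask, kind in devices
            if kind == "iot"
            and any(network_of(addr, mask).overlaps(net) for net in computers)]


# Constructed readings: (name, address, netmask, kind)
SAMPLE = [
    ("laptop",   "192.168.0.10", "255.255.255.0", "computer"),
    ("camera",   "192.168.1.20", "255.255.255.0", "iot"),  # on the guest network
    ("smart-tv", "192.168.0.31", "255.255.255.0", "iot"),  # still on main Wi-Fi
]

if __name__ == "__main__":
    for name in iot_on_computer_subnet(SAMPLE):
        print(f"{name} shares a subnet with a computer; move it to the guest network")
    # Same two addresses, wider mask: now one subnet, so no separation.
    print(same_subnet(("192.168.0.10", "255.255.0.0"),
                      ("192.168.1.20", "255.255.0.0")))
```

A different subnet shows that the addressing is separate; whether the router also blocks traffic between the two subnets is a router setting that this check does not test.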
Harder, more costly and most secure
Leave your existing network as is for your computers and smartphones.
Get a second router or a D-Link D-Fend and connect it to the Internet gateway WAN via an Ethernet cable. This is like the guest network option but physically isolates the two networks.
Look for a router that supports a paid VPN service that supports L2TP/IPsec (easy and secure) or DD-WRT OpenVPN (much harder but rock-solid security).
A VPN masks your identity, location, and data flow in either direction by establishing a secure ‘tunnel’ between the network and open internet. All traffic uses encryption – choose a VPN provider with the latest encryption protocol – military-grade 256-bit AES.
This option is best as it keeps traffic off the main network, you can use mesh or access points to expand the IoT coverage area, and the VPN stops botnets in their tracks.
4. Install security software
Layers of security provide more safety for your network. If one layer is breached, other functioning protection remains in place. To use an analogy, what is the point of locking the front door if the back door or windows allow access? Security software is end-point protection – it sets up a defensible perimeter around the computer or smartphone.
There are lots of good anti-virus/malware products including Norton, McAfee, Trend Micro, Kaspersky, ESET, Check Point, Bitdefender and more.
5. Keep everything up to date
Regularly check that your router, IoT devices and appliances have up-to-date firmware and apps. Do this via the IoT app, router administration page or the device itself. Make a recurring calendar note to do this, preferably monthly – at least quarterly.
The same goes for your anti-virus and anti-malware software and the operating system that powers your devices. Install manufacturer updates as soon as they are available.
Confused? It may be good to consult an expert before embarking on IoT
Don’t call GadgetGuy – we don’t provide that service. If you are techy, then IoT security is a walk in the park, and you will go OpenVPN.
If you are not, take this article to your local computer fix-it guy and discuss options with them. A couple of hours is all that it should take.
Home Automation can be a double-edged sword. Until tech experts find a comprehensive way to balance convenience with security, we humans with IoT home networks are the nervous first line of defence against malicious intent. And humans are the weakest link in the chain.
Malware and other security threats will continue to seek to exploit inherent network vulnerabilities.
Make it harder for hackers and their botnets to gain access to home and business IoT networks.