Keeping the Internet of Things Secure

Written by VIRTUS Data Centres Published 2014-08-29 08:00:00

As we've already discussed in our series, the Internet of Things is a phenomenon that is only going to grow. While some applications may seem frivolous now, the practicalities of smart devices throughout the home and office will mean that they will soon become an invaluable part of personal and work life.

However, the increased convenience and practicality comes with an increased threat to security. There have already been multiple accounts of people hacking and infiltrating Internet of Things enabled devices. Unencrypted networks and a failure to update factory passwords are just two of the aspects that mean objects are open to hacking, as well as the fact that they collect and store personal information.

IOT II

Image credit

For example, using smart devices to set your heating to come on an hour before you get home from work can enable a hacker to see, based on the concurrent pattern of timings, when your house will empty and therefore open to potential invaders. Therefore, it is vital that users of smart devices and Internet of Things processes are aware of the possible sensitive nature of information than they may not consider as important when setting up these beneficial systems.

Other examples of the Internet of Things as a threat to home and personal security include baby monitor cameras being controlled by strangers. One case that was particularly disturbing was reported in Ohio in April of this year, and was picked up by worldwide news media. See the Independent's article on it here for more details.

HP carried out a comprehensive study that sums up just how limited security is currently, with a few of the highlights of their findings being particularly worrying:

–          90% of devices collected at least one piece of personal information via the device, the cloud or its mobile application

–          70% of devices used unencrypted network services

–          6 out of 10 devices that provide user interfaces were vulnerable to a range of issues such as weak credentials.

With this in mind, security has to be a priority for anyone who is either currently using smart devices, or is thinking about incorporating the Internet of Things into their home or work life. All too often the practicalities can overshadow the potential damaging effects of security limitations.

Firstly, keeping the home or office Wi-Fi tightly secure with a complex password helps to prevent hackers accessing your personal network on internet-enabled 'things'. Ideally this will be a unique password that isn't used anywhere else on your network to avoid phishing, and one that will contain a minimum of eight characters and a mixture of upper and lower case as well as punctuation and numbers. Prevent any guest access and give the password out sparingly, only to those you trust.  Also change this password often.

Continuing to use Network Access Control in workplaces, which specifies that only anti-virus approved devices can access networks is important to uphold as we add devices to the workplace Internet of Things. This avoids malware being fed through corporate IoT networks to everyone's connected devices.

Ultimately, however, there is only so much the end-user can do in an attempt to secure their enabled devices. Instead, the impetus has to be on the designers and creators of products that are made in order to work as part of the Internet of Things to ensure cyber-security is at the forefront of their framework. Hopefully, as more and more 'smart' devices are created, this need will become ever more apparent and be fully integrated by the time it reaches the user. In the meantime, caution is necessary when comprising our own personal network of interconnected devices at home or at work.