Description

Smart devices are the everyday items that connect into a common network
that can be independently and remotely controlled. This can include both
'hi-tech' items (smart speakers, fitness trackers and security cameras),
and also standard household items (fridges, light bulbs and doorbells).
These devices can be controlled from smart phone or through a mobile touch
screen device.

These devices are usually connected to the internet using Wi-Fi. It gives a
live camera feed, receive alerts and gives record footage. As technology
development continues to expand, home automation helps us to manage all of
home devices from one place, flexibility for new devices and appliances,
maximizing home security, remote control of home functions, increased
energy efficiency etc.

At the same time, appliances and devices that connect to the internet and
to each other on your home network, becomes an increased risk of becoming
the target of cybercriminals. If your home network isn't secure, each new
gadget represents a potential access point for hackers. These hackers can
steal and misuse your personal information and even take control of those
smart cameras or microphones to spy on you.

Existing vulnerabilities, poor configuration, and the use of default
passwords are among the factors that can aid a hacker in compromising at
least one device in a smart home system. Once a single device is
compromised, hackers can take a number of actions depending upon on the
capabilities and functions of the device.

Beginning from the front door, for example, there can be a smart lock. If
compromised, the smart lock can give hackers control over who comes in or
out of the house.

Or a smart speaker, serves as the conduit for voice-initiated home
automation commands. If compromised, it can allow hackers to issue voice
commands of their own.

Devices like smart robot vacuum cleaners, which have some mobility around
the house, can provide hackers information about the home's layout, which
in turn, can be used by the hackers in planning further activities and
movements.

Portable and wearable smart devices add another layer of complexity to IoT
security concerns, as these devices traverse both enterprise and home
environments. Devices, such as smartwatches are typically brought by users
to the office, and then brought back home at the end of the day. A malware
infection picked up in one environment, can spread to the other if the
"bring your own device" (BYOD) policies in place are weak or if
adequate security measures are not taken to prevent such a threat.

Best Practices for Securing Smart Devices

·        Setting up device: Before buying a new device for your home,
consider doing some research on it. Understand what kind of features and
details are included and pick devices that have clearly considered quality
and security as main features. For setting up a specific device, refer to
the manufacturer's documentation.

·        Use a strongest possible encryption method for Wi-Fi.

·        Set up a Separate Wi-Fi Network for IoT Devices: By creating a
separate network dedicated to your IoT devices, you can safeguard your main
network against IoT threats. Visitors, friends and relatives can log into a
separate network that doesn't tie into your IoT devices. As placing IoT
devices on a different network keeps them detached, if hackers do manage to
get through, they can't access any of your more important devices.

·        Change the default username and password: Cybercriminal uses
these well-known passwords to access the camera remotely and view live
video or images of our home. Avoid common words or passwords that are easy
to guess, such as "password" or "123456."  Instead, use unique,
complex passwords made up of letters, numbers, and symbols for Wi-Fi
networks and device accounts. You may also consider a password manager to
up your security game.

·        Disable the unwanted features. Many IoT devices give you the
ability to control them from anywhere on the planet. But if you only use
them on your home's Wi-Fi connection, disable remote access. Smart
speakers often have Bluetooth connectivity in addition to Wi-Fi. Turn it
off, if you are not using it.

·        Setting up Router: Many routers use technologies called UPnP and
port forwarding to allow devices to find other devices within your network.
Cyber criminals can exploit these technologies to potentially access
devices on your network, such as smart cameras. Disable the UPnP and port
forwarding on the router to prevent cyber-criminal access. Don't stick
with your router's default name, which is usually its make and model.

·        Managing account: Two-factor Authentication provides a way of
double checking and makes much harder for criminals to access online
accounts, even if they know the password.

·        Keep your software up to date: Installing software updates help
keep devices secure. Updates to many IoT devices may not happen
automatically. Hence, do a manual check every few months, and if you find
any pending firmware updates, install them right away. If available, enable
the option to install automatic updates.

·        Protect your smartphone: Most home smart technology and security
systems can be controlled by an app on your mobile phone, so protecting
your smartphone is crucial. Be sure you have your smartphone
password-protected so that if your phone is lost or stolen, no one will be
able to access your home smart tech or security system apps.

·        Audit the IoT devices already on your home network.

·        Watch out for outages: Ensure that a hardware outage does not
result in an unsecure state for the device.

·        Perform a factory reset when malicious control/access of a device
in your home.

·        Perform factory reset before selling the device: If you decide to
sell or give away one of your smart electronics, follow the
manufacturer's instructions to remove all of your data. Otherwise, the
next person who gets their hands on it may automatically access all of your
information or communicate with other devices on your network.

References



rt-home-devices/


in-Your-Smart-Home.aspx

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Related Posts

© Copyright 2020. Designed By Templateify

© Copyright 2020. Ud64

Scroll to Top