Navigating the Ocean of Technology - Part 4
After soldiering through part 3 of this blog series, you should have a more secure network in your home. We still need to talk, though, about those “Internet of Things” (IoT) things.
Just for some context, we’re talking about all those things in your home that aren’t computers, tablets or phones but still connect to the Internet. That could (really!) be: light bulbs; sprinkler systems; security alarms; web or security cameras; doorbells; thermostats; printers; smart-TVs; garage-door openers; appliances large-and-small; and, an ever-growing list of more devices. Your versions of these devices may not (and very probably don’t) connect to the Internet. In general, unless you can control it with an app, it probably doesn’t connect to the Internet.
Internet-of-Things devices offer convenience and flexibility but they come with dual risks. We can call them inbound and outbound risks.
The inbound risk is that IoT devices allow access to your home network through the Internet. The holes through which the bad guys crawl are opened by your devices.
Manufacturer provides some sort of security but the quality of that security can vary wildly. Also, since most of these devices are not automatically updated, any security issues that arise are most often left unresolved because the owners aren’t aware of the issue and often don’t know how to apply fixes.
The outbound risk is one that owners of these devices willingly (but maybe not with cognizance) accept. The app that allows you to control the device also sends information directly to the manufacturer - wherever they may be. The amount of information being sent out can be quite startling and can include: your location when you are controlling the device; the location of the device (at the very least, through IP address mapping); your sleep/wake habits; home/away habits; contacts; video; audio; and much more. If you have one of these apps (or any app, for that matter), you might want to check which permissions it requires.
Many people use these devices without apparent problem and willingly accept the risk load with which they are burdened. Still, there has recently been a dramatic increase in what are called Distributed Denial of Service (DDoS) attacks. These attacks are the Internet equivalent of flooding a telephone switchboard with more calls than can be handled. The effects of DDoS attacks are debilitating and expensive and can be quite dangerous, depending on the target. How does this relate to our discussion of IoT devices in the home? You probably already guessed that those IoT devices were exploited by the bad guys to launch those DDoS attacks. Every one of the tens-of-thousands of devices were owned by people who willingly accepted that risk load. Ironically, those owners are hardly affected by the DDoS attack because each device places a very small role. The owners are only noticeably affected if they are trying to use the website under attack.
When considering an IoT device, make sure the manufacturer is reliable and that they have a workable system for patching vulnerabilities (ask to see the process demonstrated).
If you have questions or suggestions on future topics, write us at firstname.lastname@example.org or follow us on Facebook (#CompassComputerClinic). Stay safe and be happy!