IoT Security: 5 Simple Steps to Keep Your Smart Home Safe
As reported in tech news lately in the Independent ("Millions of hacked toothbrushes could be used in cyber attack, researchers warn"), research from Fortigate has shown that an item such as a smart toothbrush could be used to DDoS websites.
We all have several internet-facing devices at home, from smart TVs and smart lightbulbs to security cameras and streaming sticks. By themselves, if you buy genuine hardware from an honest and reputable company, these devices pose little danger to your cyber security. But if you are buying clones or cheap copies of brand-name items, you may be letting hackers into your home network, where they can lie in wait, scanning your network for your logins and credit card details.
Issues like the ones this research highlights occur when millions of people buy these devices and don't change the defaults, such as usernames and passwords, and/or don't check whether the devices are updated with critical patches that remove vulnerabilities.
Here are the top 5 things you should do when you buy an Internet-enabled device for your home.
1. Change the Default Username and Password: if you leave the login for your security camera as "admin", a hacker only needs to guess your password. And to be honest, they don't even have to think most of the time. If you have had an email address for more than 5 years and you are using the same password, or even two or three passwords, for all your accounts, they are most likely in a dark web database.
Time to update your password: 26 billion personal records just leaked
The simple task of removing the admin account or changing the name dramatically increases your network security.
You might have heard of this site before,
This site lets you check if your data has been leaked on all major websites and social media accounts.
It pains me to say this, but I see it all the time: people still have weak passwords like 123456789, qwertyuiop[1 and p@ssw0rd123456.
Use strong passwords, people. It's 2024.
2. Use a Strong Password: This might be obvious to some, but a long password you can't remember offhand is necessary. A password manager is a must these days. Many on the market offer a freemium version, such as LastPass, Bitwarden and NordPass, to mention a few. I would suggest people not use the password manager in their browsers, like Chrome.
If you have admin access to your computer and it is hacked, the attacker will have access to all the info in your browser.
3. Multi-Factor Authentication (MFA): This is a must, especially if you cannot change your username on an account. You are most likely using MFA for your work emails and accounts, and if you are not, you will be shortly.
There are multiple ways to do MFA, from a verification code emailed to a second account, to a text message, to an MFA app like Microsoft Authenticator.
Just remember to back up your account details regularly. I would set up the accounts to require MFA every time I log in, but some sites will recognise you for 30 days and even up to 90.
If you use your phone number to text you a one-time code but you have changed your phone or your phone is broken, and you can't access it, you may be locked out of your account.
4. Updating the devices: I see this a lot these days. Some people will not run updates. Maybe it harks back to the days when an update could take 30 minutes to complete and would start at the most inconvenient time, but those days have passed. Computing devices are multiple times faster these days, and updates are generally downloaded and installed in the background, waiting for a restart to complete the installation.
Updates fix issues and vulnerabilities in the code that your device uses. Left unpatched, these can be exploited to let someone access your devices and/or spy on your network.
4. Disable Unnecessary Features: Some IoT devices have features you may not need. Disable any unnecessary services or protocols to reduce attack surfaces. For example, if your smart light bulb doesn’t need remote access, disable it.
5. Monitor Network Traffic: Look for suspicious activity or unexpected connections. If you notice anything unusual, investigate promptly. This could be as easy as setting up an email alert when someone logs in to a device. Don't be afraid to unplug the device if you are unsure.
If the activity goes away, power the device back on and reset it. There is usually a reset button on all these devices.
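As a sketch of what "unexpected connections" can mean in practice, here is an added example (not from the original post) that scans a router connection log for devices you don't recognise, destinations a device has never needed, and the rapid connection bursts typical of a device being used to flood a website. The log format, the device inventory, the addresses and the thresholds are all assumptions made up for illustration.

```python
from collections import defaultdict, deque

# Constructed router log: "<epoch seconds> <device IP> <destination IP>:<port>"
SAMPLE_LOG = "\n".join(
    ["1700000000 192.168.1.20 203.0.113.10:443",   # TV -> its usual service
     "1700000005 192.168.1.30 198.51.100.7:443",   # bulb -> its usual cloud
     "1700000010 192.168.1.77 203.0.113.10:443",   # device not in the inventory
     "garbled line from the router"]
    # bulb opens 8 connections in 8 seconds to a host it has never used
    + [f"{1700000020 + i} 192.168.1.30 192.0.2.55:80" for i in range(8)]
)

# Assumed inventory: device IP -> (label, destinations it normally talks to)
INVENTORY = {
    "192.168.1.20": ("smart-tv", {"203.0.113.10"}),
    "192.168.1.30": ("smart-bulb", {"198.51.100.7"}),
}
WINDOW_SECONDS = 10   # sliding window for burst detection (assumed value)
BURST_LIMIT = 5       # connections to one destination allowed inside the window


def find_alerts(log_text, inventory=INVENTORY):
    """Return a sorted list of (kind, device IP, destination IP) tuples."""
    alerts = set()
    recent = defaultdict(deque)  # (device, destination) -> recent timestamps
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit() or ":" not in parts[2]:
            continue  # skip lines that do not match the assumed format
        ts, src = int(parts[0]), parts[1]
        dst = parts[2].rsplit(":", 1)[0]
        if src not in inventory:
            alerts.add(("unknown-device", src, dst))
            continue
        if dst not in inventory[src][1]:
            alerts.add(("unexpected-destination", src, dst))
        window = recent[(src, dst)]
        window.append(ts)
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()  # drop connections older than the window
        if len(window) > BURST_LIMIT:
            alerts.add(("connection-burst", src, dst))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, device, dest in find_alerts(SAMPLE_LOG):
        label = INVENTORY.get(device, ("not in inventory",))[0]
        print(f"{kind}: {device} ({label}) -> {dest}")
```

Any alert for a device is a reason to unplug it and investigate before powering it back on.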
With these 5 points, you will harden your security posture on your home network.
Follow my blog for more news and info on securing your home network.