“I’m going to kidnap your baby. I’m in your baby’s room.”
In December 2018, a Texas couple had settled their infant son to sleep for the night when – to their horror – they heard a voice coming from the nursery, threatening to kidnap their child. Rushing into the room, they found that the voice was coming from an IoT-enabled baby monitor which had been compromised by hackers.
This is one of several stories that have emerged about smart devices in the home being hacked, and comes amid accelerating IoT usage worldwide. Data from Statista predicts there will be 30.9 billion connected IoT devices globally by 2025, up from 13.8 billion units today, a sharp increase boosted by the implementation of 5G networks.
IoT devices in the home range from voice assistants to smart TVs, doorbells, locks, fridges, toasters, security systems, plumbing, and much more. IoT-connected cars are becoming increasingly common, particularly as the race towards autonomous vehicles speeds up. Businesses are also bristling with IoT, ranging from smart office products and smart lighting to industrial equipment monitoring devices that can optimise productivity and enable predictive maintenance.
While the need for cybersecurity in an office environment is relatively well-known, users tend to be a lot more lax when it comes to cybersecurity at home. And with the rise of remote work, the boundaries between home networks and business devices and networks have become increasingly blurred.
This means that a single smart home device used for work can potentially compromise an entire enterprise’s security.
How IoT devices can provide hackers with a bridge to your network
While the baby monitor story is chilling, it reveals only one part of the risks involved in IoT security. Hackers accessing individual devices can cause mischief (eavesdropping via your voice assistant, dimming your smart lights, locking your smart door and so on), but the bigger prize is gaining access to your network.
Any compromised IoT device can act as a bridge to your home or workplace network, from which point cyberattackers can install malware, steal passwords and data, or launch a ransomware attack. In one case, a security company managed to hack into a home network through an unexpected IoT device: a smart lightbulb.
Consumer IoT devices are especially vulnerable. They’re typically designed to be as low-cost as possible, which means manufacturers often build them with outdated hardware and software. Even if the devices do have security options, many consumers leave them set on default, viewing these devices as simple appliances rather than the network-enabled computing devices they really are.
To keep their network secure, organisations need to educate their employees on how to safely access the corporate network when they’re working remotely, while workers need to make sure they take appropriate steps to safeguard themselves and their workplace from IoT cyber risks.
Five ways to increase the security of IoT devices
1. Change default passwords
While most of us are careful to change default passwords when setting up a new laptop or opening an online account, we tend to forget about the security of mundane items, like a cheap baby monitor or IoT-enabled thermostat. When you open the app that connects the device to your smart home hub, changing the default password should be the first order of business.
2. Do not reuse usernames and passwords
It can be tempting to reuse the same password several times, but doing so means a hacker who has compromised an IoT device will have a way into other accounts, such as your online banking or office email.
3. Use two-factor authentication (2FA)
The small inconvenience of having to complete an extra step when signing in to a device is worth the payoff in terms of added security.
4. Enable automatic updates
IoT vendors that take security seriously do not use a set-and-forget approach to IoT device protection; they have teams of security experts who are constantly monitoring the cyber threat landscape and providing patches in the form of updates in response to new threats. Do not fall into the habit of ignoring or delaying software updates; instead, enable automatic updates on every connected IoT device in your home or business.
5. Create separate networks
This can get expensive, but it may be worth creating a separate network just for your work-related devices. For example, your phone and laptop (which contain credit card details, personal data, business emails and access to your employer’s shared drive) could be on a virtual private network, while everyday IoT devices like your smart fridge or baby monitor could be on your home network. In any case, use firewalls and network security tools whitelisted by your IT department to keep your work data secure.