This holiday season there are more Internet connected gifts than ever. When you open your Christmas gifts this year, you can count on it that there will be toys, cameras, game consoles, music players, TVs, appliances – and who knows what else – that connect to the Internet. (I just found a mousetrap that connects to the Internet!) These gadgets use your household WiFi to connect to the Internet. And this is, of course, the same Internet that you use day-to-day to search the web, help with homework, and to do your banking. And because you do those things, you’ve learned to be at least aware of Internet security.
This explosion of Internet-connected stuff is called “IoT” – the Internet of Things. All IoT devices, no matter how trivial they seem, have little computers inside that communicate on the Internet, and they all are vulnerable to being commandeered by pirates and hackers. It is not safe to assume IoT devices are secure until you, personally, make them that way.
There are almost as many reasons for hacking your IoT as there are bad guys. One of the most common is to watch what is happening on your Internet connection and send it back to Bad Guy HQ. What they capture can include, for example, account info that you use for shopping and banking and those expensive accounts that your kids use to play video games. It’s safest to just assume that the bad guys are trying to get into your IoT. They are.
You need to make sure that the IoT devices you invite into your home are safe right from the start; that they are setup properly to protect themselves and so, you and your family. Before connecting an IoT device, read the setup guide to see how to change the name of the device (that shows on your network) and change its password. It should be renamable, but, at minimum, it must have a password that you can change. If it doesn’t have a password that you can change, then it is not safe. Let me repeat that, for emphasis. If it doesn’t have a password that you can change, then it is not safe.
Change the Password!
Seriously, you must do this. Leaving IoT devices unsecured is the Internet equivalent of leaving your house unlocked. Leaving the password unchanged from the factory default is giving thieves the master key. (There are lists online of the default passwords for every imaginable IoT device.) Pick unique passwords and use a different password for every device. Even if you just change a number in the password for each device, do it. Make it a weird number, like a series from your favorite multiplication table. Like: “0PassTree” or “9PassTree” or “18PassTree” or “27PassTree.” You get the idea. Make them different.
Another thing that you can count on with hackers: If they do figure out one of your passwords, they will try it with other services and devices. Count on it. Reusing passwords is not safe.
Update Your Devices to the Latest Firmware.
Firmware is the software that is loaded into a device at the factory to make it work. Security vulnerabilities will be fixed as the maker discovers them, and then they will publish new firmware. When you first setup new IoT devices, follow the maker’s instructions to be sure that you have the latest updates. If there’s an option to automatically update the firmware, make sure that it is selected. If automatic is not an option, then set a schedule for yourself to check for updates every month or so.
Consider a Separate Network.
Be Wary of Strange Devices on Your Network.
If friends, and kids’ friends, bring Internet-connected devices to your home, remember that you don’t know what malware these devices have been exposed to. Offer them the use of your Guest network, but don’t give them access to yours.
I hope I haven’t scared you away from the IoT. The conveniences and amusements it brings are many and worthy. Just try to stick to these rules, and have a safe and jolly IoT Christmas!
Mike Pepper, The Computer Guy, has been providing software and hardware support in New York and Connecticut for more than 35 years. He can be reached at (845) 855-5824, or www.PawlingComputerGuy.com.