How to Protect IoT Devices from Attacks by Cybercriminals

Today we can find a large number of smart devices to install in our homes, which can do things like turn on lights, play music, notify you of your pending tasks for the day, give you curious information, tell you how long it will take to get from your home to work with traffic in mind, as well as endless other possibilities. These devices, like everything we connect to the Internet today, are not exempt from being attacked by cybercriminals with the worst of intentions. In this article we are going to teach you how to protect your smart home from attacks on your IoT devices.

A very important branch of technological advancement is based on comfort, from it was born the idea of smart homes and all the devices that would make our lives easier by performing tasks for us. Virtual assistants such as Google Home or Amazon Alexa drink directly from this source. Thanks to them we can ask their star devices for simple things, such as the time or the weather, even other types of work such as turning on lights, putting on music, announcing a message on all the speakers arranged around our house, opening or closing blinds, adjust the temperature of the heating of our house or connect devices such as the well-known automatic vacuum cleaners.

Protect IoT Devices from Attacks by Cybercriminals

All this and many other things from a practically unlimited list, it can be scheduled for a specific time, or when we give a personalized order to our assistants. With this, actions are achieved such as that at a certain time the lights of a room are turned on, music is put on and they say good morning together with the list of tasks that we have planned for that day.

Growth of IoT devices and cybercriminals

This trend does not stop growing, every day more and more of these devices are sold , which we install following the instructions, but without realizing that, like any device that we want to connect to the network, it is susceptible to being attacked by those people who normally don’t mean well, cybercriminals.

There have been cases that have been quickly viralized, for example, those dolls that have recorded personal information as well as children’s conversations with their parents, kitchen robots that stored their owners’ data, as well as the case revealed by researchers from a well-known North American company in the field of cybersecurity in which they infected a Phillips smart bulb and from there they managed to access a computer on the same local network and steal its information.

What to keep in mind when buying an IoT device?

Each IoT device depends on communication protocols used by the manufacturer that created them, which adheres directly to the cybersecurity policy that it has. Most of the devices that we have on the market are “maintenance-free” devices, that is, we pay for the device and we do not make any more expenses related to it. This can be a mistake, since these are devices that do not receive regular updates against new threats and are only intended to deal with threats that existed at the time of their design.

In reality, there are very few devices that carry maintenance on them, which in most cases is subject to a subscription which we must pay monthly to be protected against the attacks of new vulnerabilities that arise for this type of device. , as is the case with Nuki’s automatic locks. This manufacturer focuses its efforts on keeping its devices up to date with any new attack, since they protect a fundamental point of our homes, the front door.

This brings us to the fundamental point for the protection of our home, the final user configuration on the router . This configuration, by default, is carried out by our network operator, which follows its own parameters that are not focused on this type of technology.

How to reinforce security on our devices

Each IoT device has its own application, this application will need us to log in with a username and password, which we can change, but most users leave the information that comes by default, which is one of the first and largest mistakes we make when configuring an IoT device, we will always change the username and password for these types of applications defining one that, at least, cannot be deciphered by some behavioral engineering attack (a mother’s birthday, date of birth of a child or the name of a pet).

We must also pay attention to the place from where we make the connection, today, we can act on all the devices of our smart home both from inside the home connected to the Wi-Fi network, and outside it connected by 3G / 4G / 5G. We can and must restrict access to these devices from outside, or at least hire a Cloud service that verifies access from outside in a secure way.

We must also review the privacy settings on IoT devices, these permissions are configured by default and are really open to collect all kinds of information, but above all, commercial information, so we recommend their restriction.

And finally, and I think more important than the rest, we must create an extra Wi-Fi network only for IoT devices in which we will not connect any equipment with essential information such as computers, smartphones or tablets. We will create a new Wi-Fi network and assign it a WPA2-PSK encryption. We will also disable the WPS function for greater security.

By following these tips we will avoid any unnecessary scare, and we will have all our data safe from malicious attacks by third parties, we can make our life much easier and more comfortable inside our home thanks to the world that IoT devices offer us, but we cannot forget of security in no time so that safety and comfort can coexist under the same smart roof.