The Internet of Things (IoT) has expanded dramatically in the last year. In addition, with the arrival of 5G with more bandwidth and a growing trend towards unlimited mobile data rates, it will further boost its implementation. This will cause our domestic life to change, and we will face a more comfortable and entertaining situation. However, we must maintain the security of IoT so as not to get an unpleasant surprise, and so that this does not happen, we are going to offer some practical advice.
As for the concept of “Consumer IoT” it refers to the set of connected devices that have a discrete function, enabled or complemented by a data collection capacity through integrated sensors. Thanks to them, in our home or workplace we can interact with appliances or smart devices. Some examples would be coffee machines, cameras, heating systems, locks, lights, refrigerators, televisions, and more.
IoT security and manufacturer responsibility
Currently the lack of IoT security has exposed serious deficiencies, both in the design and in the implementation of IoT devices. To this we have to add the few or no criticisms when we talk about the IoT security of our devices. A relevant fact is that consumers depend on device manufacturers to ensure their safety. With an increasing boom in this class of devices, they have attracted the attention of cybercriminals who seek to steal valuable information and interrupt these services.
On the other hand, we as users, using some basic techniques, can protect IoT devices from attacks. Although the manufacturer bears a significant percentage of responsibility for maintaining the ongoing security of IoT devices, this is usually not always the case. Therefore, a practical advice that we should do after having bought an IoT device , is that we should change the default password to minimize the possibility of suffering an attack.
In this regard, a good number of IoT-related breaches have occurred because the attacker discovered that the default password was being used and compromised the devices. Also, another thing to check before connecting the device to the Internet is to read the device manual and terms of conditions. This way we will know the data that the device collects, stores and transmits about us, and to what extent it can affect our privacy.
Security controls and updates
A worrying fact is that, in many cases, an IoT device will exclude security controls. In this case, we refer to encryption, authentication, certificate management, validation and registration, which are often not implemented to obtain a more practical and easy-to-use design. This will expose the device to remote attacks.
Fortunately, some IoT vendors are starting to use certification or labeling regimes to provide a certain level of security. In that sense, if we want to have IoT security, before buying a device of this type we must look and check if the manufacturer adheres or not to certain standards. The minimum that we must ask to maintain the security of IoT , is that that IoT device has a solid security based in the form of strong passwords .
Another important question is the real challenge that consumers face when updating their IoT devices due to how difficult it is to communicate with them. As a consequence of the lack of visual interfaces , many devices are left unpatched and unsecured right out of the box . Being aware of the vulnerabilities of our devices for a common user is complicated.
To achieve that IoT security, consumers should try to buy IoT devices that the manufacturer updates or patches automatically. Finally, if this is not possible, then people who have these IoT devices should try to search online vulnerability forums on their own and assess from time to time whether exploits and security flaws have been publicly exposed.