• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
  • Research
Home   »   Internet of Everything   »   IoT Device Security At Home

IoT Device Security At Home

  • Posted on:September 20, 2017
  • Posted in:Internet of Everything, Security
  • Posted by:
    William "Bill" Malik (CISA VP Infrastructure Strategies)
0
What do security vulnerabilities mean for the IoT?

 

My girlfriend read something that worried her about the security risks posed by Internet of Things (IoT) devices at home. She had recently purchased a new TV, and she has an older home security system. She asked if her privacy might be at risk.

We talked about the kinds of problems an unprotected home network can cause.

 

 

These include, in no particular order:

  • Compromised cable modems can give unauthorized Internet access
  • Malware-infected PCs can reveal personal information and passwords to financial applications
  • Infected PCs and IoT devices can host bots, launching DDoS attacks, spam, and fake social media posts
  • Hijacked storage (as on smart TVs) can store stolen data
  • Compromised home sensors reveal occupants activities and absences
  • Compromised sensors can post false usage, increasing utility bills
  • Subverted monitors can let dysfunctional individuals blurt hate speech into the home

We decided to run an informal audit.

First, we looked at the cable modem. Built in 2004, it had no available updates. We contacted the internet provider and ordered a replacement. It arrived after a week or so. The new device was manufactured in 2015, so the first thing we did was update its firmware – there were cumulative updates outstanding. We turned off “SSID broadcast” and set up the “guest” network. Next, we moved the IoT devices from the primary network to the “guest” network so they could not communicate among themselves or eavesdrop on the active devices.

We looked at what was talking to the network, and found over a dozen more devices:

1. The smart TV

2. A wireless printer

3. Her laptop and mine

4. Her phone and mine

5, A desk-side machine used as a media server

6. The home security system:

  • Motion detectors
  • Video cameras
  • Sensors monitoring carbon monoxide, water in the basement, and smoke

7. The remotely-readable electric meter

The smart TV was recent, so patching was simple. Ditto for the phones and PCs, although some phone manufacturers are better than others providing timely patches. The printer took updates from the manufacturer’s Support site: Drivers and Downloads. The home security system has proved to be a bigger challenge. The vendor is moving a bit slowly providing the most recent capabilities. It may be enough to consider switching technology.

Are we safe? We are safer. We do not enable Bluetooth, so the BlueBorne vulnerability will not affect us. The electric meter is outside our control, which is a problem. It could reveal when the house is empty. My car is “e-chatty,” but not with her home systems. Her car is older and does not chat with any external networks.

Homeowners should know what they have in their homes, and keep it secure. What should a homeowner do?

  • Identify all devices that connect to the Internet from your home.
  • Make sure they have current software patches.
  • Limit access to these devices from the internet.
  • Isolate them so they cannot communicate with one another, or scan your home network.
  • Set your cable modem or router to minimize inappropriate traffic.
  • Do not broadcast your SSID.
  • Use the “guest” network to isolate your active systems from passive IoT devices
  • Change the default passwords to your devices (you can change them back by resetting the device, if you need to).

Protect yourself against malware. Do not click on suspicious email attachments or links. Use long passwords. NIST has reversed its earlier guidance about complex passwords (upper case, lower case, special characters). Instead, use a long easy-to remember password such as “largelightening884” – the one from an older router I once had. Do not use that one. Finally, use a cross-generational security suite that provides layered protection. Trend Micro makes one.

Let me know what you think! Post a comment below or tweet me: @WilliamMalikTM.

Related posts:

  1. My Photos Are Gone! How to Protect Your Home Network
  2. Don’t let those holiday photos disappear. Here’s how to protect your home network
  3. Hack of home routers highlights the IoT’s security problems
  4. Securing the smart home

Security Intelligence Blog

  • CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
  • October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day
  • Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • How the Industry 4.0 Era Will Change the Cybersecurity Landscape
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Let’s Continue the Skills Gap Conversation
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • It’s Everyone’s Job to Ensure Online Safety at Work
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • The Many Paths To A Cybersecurity Education
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • Today’s Predictions for Tomorrow’s Internet
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • The Risk of IoT Security Complacency

Follow Us

Trend Micro in the News

Trend Micro Blogs

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.