My girlfriend read something that worried her about the security risks posed by Internet of Things (IoT) devices at home. She had recently purchased a new TV, and she has an older home security system. She asked if her privacy might be at risk.
We talked about the kinds of problems an unprotected home network can cause.
These include, in no particular order:
|
|
We decided to run an informal audit.
First, we looked at the cable modem. Built in 2004, it had no available updates. We contacted the internet provider and ordered a replacement. It arrived after a week or so. The new device was manufactured in 2015, so the first thing we did was update its firmware – there were cumulative updates outstanding. We turned off “SSID broadcast” and set up the “guest” network. Next, we moved the IoT devices from the primary network to the “guest” network so they could not communicate among themselves or eavesdrop on the active devices.
We looked at what was talking to the network, and found over a dozen more devices:
1. The smart TV
2. A wireless printer
3. Her laptop and mine
4. Her phone and mine
5, A desk-side machine used as a media server
6. The home security system:
|
|
7. The remotely-readable electric meter
The smart TV was recent, so patching was simple. Ditto for the phones and PCs, although some phone manufacturers are better than others providing timely patches. The printer took updates from the manufacturer’s Support site: Drivers and Downloads. The home security system has proved to be a bigger challenge. The vendor is moving a bit slowly providing the most recent capabilities. It may be enough to consider switching technology.
Are we safe? We are safer. We do not enable Bluetooth, so the BlueBorne vulnerability will not affect us. The electric meter is outside our control, which is a problem. It could reveal when the house is empty. My car is “e-chatty,” but not with her home systems. Her car is older and does not chat with any external networks.
Homeowners should know what they have in their homes, and keep it secure. What should a homeowner do?
|
|
Protect yourself against malware. Do not click on suspicious email attachments or links. Use long passwords. NIST has reversed its earlier guidance about complex passwords (upper case, lower case, special characters). Instead, use a long easy-to remember password such as “largelightening884” – the one from an older router I once had. Do not use that one. Finally, use a cross-generational security suite that provides layered protection. Trend Micro makes one.
Let me know what you think! Post a comment below or tweet me: @WilliamMalikTM.
