Have a fitness band, smart thermostat or other smart IoT device? Here’s how to make sure it’s secure.
“As connected consumer devices become more powerful and gain more capabilities, they will become more attractive targets for malicious actors looking to exploit these capabilities,” said Rob Sadowski, director of technology solutions at RSA in Bedford, Massachusetts. “For example, we have already seen attacks exploit vulnerabilities in consumer routers for use in DDoS attacks and consumer NAS [network-attached storage] devices for illicit cryptocurrency mining.”
“Many vendors in the IoT space seem to have little or no concern regarding the safety and security of their customers,” said Craig Young, a security researcher with Tripwire in Alpharetta, Georgia.
Take smart home hubs, for example, which let homeowners automate their electronics and their overall security. Young warned that these hubs tend to come with a lot of risks. For example, one of the top-selling home-automation hubs — Young wouldn’t say which one — currently ships with a deprecated version of firmware that contains numerous publicly known vulnerabilities, as well as a handful of new vulnerabilities.
“Despite these serious security problems,” Young said, “the vendor has not updated the firmware in this device for over a year, even though they have since developed a somewhat less vulnerable firmware. Even worse, the vendor has stated they have no intention of encouraging their users to upgrade.”