Smart devices - The Internet of Things (IoT)

The Internet of Things (IoT) is commonly referred to as a smart device, or network of devices. They have the capability to connect to the internet, gather information and exchange data with other devices. There are some things to consider before you start plugging these devices into your home and office.

Examples of the Internet of Things (IoT) technology include home security systems, fitness/health trackers and some universal remotes and voice controlled speakers.

These devices have buit-in technology to enable them to connect to the internet.

For example, a smart refrigerator can scan barcodes of items it stores. It can then take this information and look it up on the internet to determine when the items will spoil. Once it has this information it can send you email reminders to use the food before its expiry date. Smart devices may come equipped with new components and sensors, such as:

  • software that will need to be updated
  • a wireless chip that can connect to your WiFi
  • a microphone for voice commands
  • a camera for recording or enabling movement commands
  • a Near Field Communication (NFC) chip to detect nearby cards, phones, or other devices
  • bluetooth to connect to nearby devices
  • other sensors that detect motion, speed, humidity, health metrics, or other data.

The features that a smart device provides will vary. With technology moving fast, it can be easy to find yourself in a position where your home or office is full of smart devices.

IoT is fast becoming a commonplace utility;  it’s important to understand how to manage the risks so we can safely take advantage of the benefits.

This guide will help you figure out if you need these smart features or if they can be turned off to preserve your privacy and improve your security.

How IoT works

At the heart of any IoT device is a wireless chip that allows it to connect to WiFi. IoT devices collect data from their sensors, and use software to determine what to do next. The software holds the brains of the IoT device; it’s what is making all the decisions behind the scenes.

In most cases, the IoT device will:

  • connect to a central server, usually owned by the company who makes the device, to get more information
  • compare and send data to other public websites and servers to collect information
  • connect to a messaging server so it can email, text, or call you
  • connect to other IoT devices on the same WiFi to tell them to do something.

What to watch out for

Most risks of the IoT are to do with privacy and security. Be aware that our IoT devices, such as smart speakers and televisions, are like mini computers. They may contain vulnerabilities that allow attackers to:

  • get personal information, such as usernames and passwords
  • access banks and online shopping accounts
  • gain control of devices to scare or manipulate users

It’s important to be aware of the risks involved with using internet-connected devices. Here are a few examples:

Not knowing what information is being collected and where it is being stored

A smart speaker with voice activation is always listening, ready for you to ask it to do something. Most of the time, users are unable to tell what information is being recorded, and where those recordings are being sent. Sensory data, voice/video recordings, and personal information collected by smart devices, has the potential to get leaked or fall into the wrong hands

Software that loses support

IoT devices can fall out of support quickly, particularly less well-known ones. This means the device doesn’t get updated when the developer finds a problem. It could leave you with a smart device that has insecure software that is vulnerable to attack

Insecure device configuration

WiFi and IoT devices may be configured so people on the internet can send them commands, as opposed to the individual who owns the device. This means an attacker could alter your IoT device and use it to attack others or to scare you. This is also called a bot or botnet.

How to protect your IoT devices

The way we set up and use our IoT devices is important. It keeps the device and the data it exchanges secure. Pay the same attention to the security of your IoT device as you do to the security of your phone and computer. Here are some simple steps you can apply:

Decide if you really need the “smart” features

If you don’t need the features that use the internet, disable them. A smart refrigerator should still be able to keep your food cold, even if it can’t connect to the internet! Turning off features you don’t need can help you stay in control of your own security and privacy.

Keep software updated

Updates not only bring new features and improvements, they also fix vulnerabilities that can be exploited by attackers. Most of these devices have settings that enable updates to take place automatically. If the vendor no longer provides updates, you should consider getting a new device or disabling the smart features.

Change the default password

In the excitement of unboxing a shiny new device, it’s easy to forget that it comes with a default password that might be easily found on the internet. Change the default password to one that is unique and long, and store it in your password manager.

Put the devices on a separate WiFi network

Most WiFi routers can provide a “guest” network that can be used to keep your laptop and mobile phone away from other devices you can’t control. Keeping your IoT devices on this guest network, preventing them from communicating with your important devices would be a good security precaution.

Search online for any security or privacy reviews before purchasing

Most popular IoT devices have been reviewed by security professionals. You may also find that an IoT device you are about to buy just had a massive security issue. Doing a quick search before you buy can save you a lot of future stress

Other useful information

Create a good password

Use a password manager

Secure your home network

If you think you have experienced an IoT security incident, or any other cyber security incident, report it to CERT NZ.

Report an issue