In the past, I have written a few blog posts making fun of the fact that most of my friends and family really don't have a great understanding of what I do. In fact, many of you who are also in the M2M space must have the same issue, as one of my most shared blog posts ever talks about how to "explain M2M at a dinner party".
Well, they all seem to understand it now, as I have received a number of questions and concerns about a recent article in the Financial Post regarding a family who had their baby monitor hacked by a total stranger. It raises a huge issue: while we are adding thousands of M2M/IoT devices daily, are we doing so in a totally insecure manner?
Previous blog posts have also touched on how homes are becoming smarter and it all comes down to making things easier for the home owner. However, do these “smart” benefits get outweighed by the possible security holes you are leaving in your life?
Here are a few examples:
• Many new garage door openers allow you to use a smartphone-based application to control your door and even get notified if it is left open. However, could a hacker also be notified (even before you) that the door is open, allowing them to peruse your stuff?
• Many of the new thermostats allow for a "vacation or away" mode, where the temperature is modified in a way that reduces your electricity consumption. However, that information in the hands of a criminal means that they have a fair amount of time to rummage through your stuff while you are "away".
• Even security systems are not immune to being compromised. Among the most commonly used are solutions that place cameras outside your front door to alert you when the kids come home or when someone is at your front door (when you are away). A smart hacker would know to monitor the transmissions of these video clips and be well aware of when you are not home.
Now, in the grand scheme of things, a hacker knowing that you are not home is not the worst breach of security that you can have in the world of IoT. Keep in mind that you still have locks on your doors, neighbours to watch over your place and other methods to secure your property while you are gone. The bigger concern about security in IoT has to do with large-scale projects such as traffic systems, utility grids and pipelines. If one of these were to be compromised, it would have a much larger effect on a lot of people.
Most smart organizations are using complex security algorithms and other technologies to secure their data. While this is important, it is equally important to stay off the Internet whenever possible. Since hackers cannot attack what they cannot see, using private IP address schemes and dedicated links reduces your chances of being a target of attack in the first place.
However, this does hold relevance for the consumer. As a consumer, you have to ask yourself: just because I can access all of these things remotely from my smartphone, do I have to? Start to think about which things are not vital to see in real time, and what the consequences are if someone does get hold of this information.
In the case of the parents who had the baby monitoring camera hacked, I would bet that they had more holes in their firewall than most pieces of Swiss cheese. The first thing that most people can do is to lock down their firewall at home. By making it more difficult to get through the firewall, it makes the devices harder to access.
However, a smart hacker will still get through most firewalls in a home router if they really want to. So the next thing is to secure the devices (as best as possible). First, don't advertise that you use one of these devices (whether on Facebook, through their online portal or any other method). Next, many of these devices have the ability to turn off access to the Internet (I mean, this is a baby monitor; shouldn't you still be within Wi-Fi range?), so this may prevent some hackers from getting at it. Finally, most devices should (if they do not, then the manufacturers need to get on it) have some ability to lock down who can access the information and who can make changes (whether it is via a password or, better, by the ability to control which MAC/IP addresses can talk to the device).
And improve your passwords. Using a password of at least 10 characters should be your default standard.
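The checks suggested above (private addressing, no holes in the home firewall, Internet access turned off where it is not needed, an access allowlist, and a 10-character password minimum) can be run over a home device inventory. The following Python is an added example, not part of the original post; the inventory, port-forward rules, field names and issue codes are constructed for illustration.

```python
import ipaddress

MIN_PASSWORD_LEN = 10  # minimum length suggested in the post
# RFC 1918 private ranges, i.e. addresses not routable on the Internet
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory; all field names are hypothetical.
DEVICES = [
    {"name": "baby-monitor", "ip": "192.168.1.40", "password_len": 6,
     "remote_access": True, "allowlist": []},
    {"name": "thermostat", "ip": "192.168.1.41", "password_len": 14,
     "remote_access": False, "allowlist": ["192.168.1.10"]},
    {"name": "door-camera", "ip": "203.0.113.25", "password_len": 12,
     "remote_access": True, "allowlist": []},
]
# Constructed router port forwards: (external port, internal IP, internal port)
PORT_FORWARDS = [(8080, "192.168.1.40", 80)]

def audit(devices, forwards):
    """Return {device name: [issue codes]} for the post's recommendations."""
    forwarded = {ipaddress.ip_address(ip) for _, ip, _ in forwards}
    findings = {}
    for dev in devices:
        addr = ipaddress.ip_address(dev["ip"])
        issues = []
        if not any(addr in net for net in PRIVATE_NETS):
            issues.append("public-address")         # reachable without any firewall
        if addr in forwarded:
            issues.append("firewall-port-forward")  # a hole in the home firewall
        if dev["remote_access"]:
            issues.append("remote-access-enabled")  # turn off if used only at home
        if not dev["allowlist"]:
            issues.append("no-access-allowlist")    # no MAC/IP restriction set
        if dev["password_len"] < MIN_PASSWORD_LEN:
            issues.append("short-password")
        findings[dev["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(DEVICES, PORT_FORWARDS).items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```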
Tired, sleep-deprived parents have enough to worry about without having to worry about a hacker invading the confines of their baby's room. Consumers and manufacturers need to put more of a focus on how to secure devices before these stories become too commonplace.
As always, Novotech is ready to assist with your M2M needs. Whether you’re looking to control, track, monitor or back-up, Novotech has the solutions and products you need. View our Line Cards and let us know how we can be of assistance.