They See You When You’re Sleeping, They Know When You’re Awake

The More IoT Devices in Use, the Greater the Opportunity for Threat Actors

In 2017, it is estimated that 8.4 billion connected devices were in use globally, up 31 percent from the year before. Researchers predict that number will reach 20.8 billion by 2020. The internet of things (IoT) introduces many features and conveniences into our lives by rapidly applying connectivity to everyday tasks, appliances, and home features, but it also introduces security and privacy concerns. IoT devices are often targeted by threat actors to take control over and add to a botnet for other cyber-attacks. These devices can also allow threat actors to steal your data, collect account credentials, and manipulate device settings or actions. IoT devices will only continue to become a greater part of our daily lives, with a notable increase this time of year as many people receive connected devices as holiday gifts; therefore, it is vital to implement security controls to properly secure these devices. Below are a just few tips and best practices:

  • Change default credentials immediately. Threat actors can easily obtain manufacturer default credentials to compromise your devices.

  • Enable multi-factor authentication on all devices that offer it. This will help protect you against account compromise via credential theft.

  • Keep your devices’ firmware up-to-date. Apply patches in a timely manner; this will prevent threat actors from exploiting known vulnerabilities.

  • Disable any unused or unneeded features. This will reduce the device’s attack surface, lowering your risk.

  • Avoid connecting IoT devices to unsecured, public Wi-Fi networks. Threat actors may have access to these networks and can target your devices.

  • Secure your home Wi-Fi network. Your IoT devices will often, if not always, run on your home network.

    • Ensure you are using the most secure protocol available, likely WPA2 or WPA3, and establishing strong, hard-to-guess passwords.

    • Set up a firewall at your router. This acts as a barrier between possible threat actors and your network devices.

    • Consider disabling SSID broadcasting. This prevents your Wi-Fi network from populating into a list of available networks.

For additional tips on how to secure your Wi-Fi network, read the NJCCIC Be Sure to Secure post “How to Configure and Secure a Home Wi-Fi Router.”

For more information on securing IoT devices, see the US-CERT Security Tip ST17-001.

AlertNJCCICIoT