In my last post, I opened a discussion on the Internet of Things, and loosely defined the category by breaking the devices down into two categories. This post is about the second of those two categories – those devices that are connected directly to the Internet.
My favorite example from my own experience in this category is my Doorbot (http://www.getdoorbot.com/). This is a device that replaces a standard doorbell (no special wiring required) with a device that connects to your wi-fi network. When someone rings my doorbell, the app on my phone plays a ‘ding dong’ sound and I can view the video from the device’s camera (to see who is there) and optionally accept the call and then have two way audio with the person standing at my door.
While the Doorbot has certainly been a positive experiment in my house, the category of devices directly connected to the Internet in general is somewhat worrisome to me as an IT consultant because of the security implications. As we integrate more and more devices into our lives that are directly connected to the Internet, what are we doing in parallel to increase the security of our home and business networks to ensure these devices are staying protected? I’d venture not much.
“So what?” you say – “who cares if someone hacks into your doorbell?” Well maybe my doorbell isn’t as significant as some other devices, but what about cameras/surveillance devices, thermostats, home security systems, and even refrigerators? For example, what if someone compromises your home network, takes control of your thermostat, and then cranks the temperature down to 65 degrees every weekday from 9am to 4pm during July and August in Phoenix? Can you imagine what that electric bill looks like? What if someone gets into your security system, gains the ability to disable it, and then can walk in and help themselves to anything they’d like?
Actually, from an IT security standpoint, those may even be the least of your concerns. The other angle to think about with all these devices directly connected to the Internet is how secure are THOSE devices themselves? What if they actually end up being the path through which your home network gets compromised? Can’t happen you say because its only possible to hack a computer not a device? Ask Target how they feel about that – the massive breach of their information systems was through their POS terminals, not through a computer.
I’m certainly not advocating we go back to the stone age and reject all of these devices outright – they have tremendous potential to improve our lives. What I am saying instead is just let’s be thoughtful as we introduce them into our lives and take a moment to think about security. Here are a few tips:
1. Make sure to change any default passwords on the devices, and use secure passwords. http://www.strongpasswordgenerator.com is one of the sites I visit most frequently. I’d recommend at LEAST 12 digits, and more is better.
2. As you start to introduce these devices at home, maybe it’s time to spend a few extra bucks to upgrade your home firewall/router/wireless to something more than the $50 consumer version at your neighborhood electronics store.
3. Make sure you understand before installing the devices exactly how they are accessed (web, smartphone, etc.) and what the potential is for harm. It doesn’t hurt to ask the vendor some tough questions about their security since their software is often involved in the device’s operation.