Cybersecurity: The Internet of Things
If you’re reading this, you may have some kind of smart device in your possession. Maybe it’s a smart TV or an Alexa or a Nest Thermostat. Once upon a time, I would’ve said that you should simply avoid these devices; however, I think that we’re moving into an age where that advice is antiquated. It’s becoming harder and harder to escape the “Internet of Things,” so this section will provide some overall advice on basic privacy and security for IoT devices.
Having said that, I still encourage everyone to pass on these devices if you can. None of us really needs any of the modern “creature comforts” to survive, so I’m not going to be the curmudgeonly old man decrying kids these days and their newfangled gadgets, but it is important that we realize that each one of these devices we bring into our lives puts our privacy and security at risk. The smart TV you purchase not only reports invasive network information; devices like it also offer hackers a way into your home through things like a lack of updates and default passwords. Believe it or not, you can use a light bulb to access all the other devices on the network.
Is it worth the risk? Do you really need to know the second a package arrives at your doorstep? (I argue that you should be using a PO Box anyways). Do you really need a fridge that tells you the milk has gone bad? These answers vary from person to person. I can live just fine without TV, so a smart TV is definitely something I don’t need. Someone else may be a film buff and may find a lot of value in a high-quality TV that can stream from dozens of services easily. There are no wrong answers here, but I do encourage you to first ask yourself if the value a smart device brings you is worth the privacy invasion and security risk that comes with it.
If You Must
If you decide that a smart device is for you, there are several key pieces of conventional wisdom that will help to dramatically increase your privacy and security while using said devices.
- Make sure to change all default passwords and login information. Most devices come with a default username and password that can be discovered for free online by looking up the manual. Criminals can use this information to access the administrator privileges of those devices and abuse the device or access the rest of your network.
- Go through every setting on your device and make sure that you have disabled all settings that share data and analytics.
- Make sure to do your research and buy devices that get updated by the manufacturer regularly. Set your devices to auto-update if the option exists. If there is no auto-update option, set a reminder to periodically check for updates and install them when they become available.
- Buy a router that supports “VLANs,” which are virtual segmented networks. Putting two devices on separate VLANs makes the devices act and think as if they are in completely separate networks. If one gets compromised, the other is safe. Ideally you’ll want to have all your IoT devices on one VLAN, then all your network devices (phones, laptops, etc.) on another. IoT devices requiring network connectivity (such as smart TVs) can still be given network access.
- Make sure to couple all this advice with other advice on this site, such as using a forwarding email to set up your accounts and using strong passwords.
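The VLAN separation described in the list above, written as a Linux nftables forwarding ruleset. This is an added example, not part of the original article; the interface names (`wan0`, `lan0.10`, `lan0.20`) are assumptions for a router that carries a trusted VLAN and an IoT VLAN, and NAT plus the router's own input rules are assumed to be configured elsewhere.

```nftables
#!/usr/sbin/nft -f
# Added example. Hypothetical interface names:
#   wan0    = internet uplink
#   lan0.10 = trusted VLAN (phones, laptops)
#   lan0.20 = IoT VLAN (smart TV, bulbs, thermostat)

define WAN     = "wan0"
define TRUSTED = "lan0.10"
define IOT     = "lan0.20"

table inet vlan_isolation {
    chain forward {
        # Anything not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed out may come back in.
        ct state established,related accept
        ct state invalid drop

        # Both VLANs may reach the internet, so a smart TV can still stream.
        iifname $TRUSTED oifname $WAN accept
        iifname $IOT oifname $WAN accept

        # Nothing crosses between the two VLANs in either direction.
        # Logging the attempts shows when a device tries to reach the other side.
        iifname $IOT oifname $TRUSTED log prefix "iot-to-trusted " drop
        iifname $TRUSTED oifname $IOT log prefix "trusted-to-iot " drop
    }
}
```

Consumer routers expose the same policy through their own settings pages rather than a ruleset like this; the point to verify on any of them is that traffic between the two VLANs is blocked while each still reaches the internet.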
I strongly recommend using Mozilla’s “*Privacy Not Included” as a starting point to research various popular IoT devices and offerings. I personally disagree with some of their conclusions, but it will at least provide a starting point for some products to outright ignore and offer alternatives to research.