Securing Your Internet of Things
Right behind every cyber-scare comes a gaggle of “new” solutions. Sure enough, we’re seeing new security appliances purportedly designed to protect the IoT devices on your home network. But are they new, and do they protect? Do you even need another separate device? Read on to get the straight story… |
How to Protect Your Gadgets
The word is out that the fast-growing “Internet of Things” is woefully unsecured against hackers and malware. I discussed this enormous problem in my article, The Internet of Insecure Things. Naturally, readers are wondering what they can do to secure their cameras, printers, smart light bulbs, coffee pots, and other IoT vulnerabilities.
In my article IoT Security News Just Gets Worse, I advised making sure that your Internet router does not have a weak or factory-supplied password, and turning off remote access to the router. It's also important to change the password of every internet-connected device (if it has one) to something strong and unique. Beyond those steps, here are some additional options to consider.
Cujo is a “smart firewall,” says the company’s CEO, Einaras Gravrock. Installed between the Internet and your home router, Cujo monitors all traffic in and out of your network. Suspicious traffic triggers alerts that appear on a smartphone app, e. g., “We blocked an unauthorized attempt to access device ‘IP camera’ from [IP number].” You can then close the intruder’s connection, or leave it open if it’s actually authorized.
The Cujo device costs $77 on Amazon but there’s also an $8.99 monthly fee to be part of Cujo’s community of users. Every time a new threat is detected by a Cujo, information about it is shared with all other installed Cujos. (Yes, other security solutions do update their threat databases free of charge.) “We’ve sold about 5,000 units directly already,” Gravrock told Tech Crunch. “The biggest surprise for me has been that it’s your average user who no longer feels private at home, may put the duct tape over his webcam and just wants something that works — doesn’t want to spend days and months changing things.”
Gravrock is talking about the learning curve that some firewall products have. The free GlassWire for Windows outbound firewall is an example. When first installed, it treats every attempt to access the Internet as suspicious, generating alerts frequently. As the user responds to alerts, Glasswire remembers whether an app is legit and alerts become fewer.
Dojo is also a firewall, although the word is not found on the company’s site. Dojo costs $99 but there is no additional monthly fee; each Dojo device is isolated from others. The Dojo appliance consists of two objects: a normal-looking box with Ethernet ports and a “pebble” that can be placed anywhere in the home. The pebble glows when an alert needs attention. Dojo should be available in December, 2016.
Buy or Roll Your Own?
Home firewalls are nothing new. The Bitdefender BOX debuted in late 2014. In addition to inbound/outbound firewall protection, the BOX includes Bitdefender’s award-winning antivirus; anti-ransomware protection; ” reputation-based “safe browsing;” parental controls; and optimization code that speeds up every device on your network. Today, Bitdefender BOX is selling for $129, down from $199.
You don’t have to spend money on a new firewall appliance. If you have a bit of time and patience, you can configure your existing router to protect all devices connected to it from hackers.
Most routers allow you to create multiple networks with different SSIDs, or network names. You could create one network for computers and their peripheral devices, and another network for light bulbs, coffee pots, etc. Then, if one of the IoT devices gets hacked, the intruder will have great difficulty getting to your sensitive data on the “computer network.” This technique limits damage, sort of like the watertight bulkheads in ships, but it does not block intruders. You'll need to do a bit of Googling to find the details specific to your router in order to implement this.
Another DIY technique involves listing the MAC addresses of all the devices on your home network. (In this context, MAC stands for "media access control" and has absolutely nothing to do with Apple or Mac computers.) A MAC address is a unique identifier hard-coded into every device that can connect to a network. Your router can be configured to allow only the devices with specified MAC addresses to connect to it. Outsiders cannot join your network and rummage through all the devices on it.
You should be able to find the MAC addresses for your devices by logging into your router and poking around. If that's too daunting, the free Device Detection Agent from Who’s On My WiFi will take an inventory of every device on your network and list their MAC addresses. The downside of this technique is that it's a bit of a nuisance to update your list of allowed MAC addresses when a visitor in your home wants to connect their mobile phone or laptop to your your WiFi.
Are you taking any steps to secure your router and any "smart" gadgets connected to it? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 17 Nov 2016
For Fun: Buy Bob a Snickers. |
Prev Article: Geekly Update - 16 November 2016 |
The Top Twenty |
Next Article: Your Next Printer: Inkjet, Laser, or All-In-One? |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Securing Your Internet of Things (Posted: 17 Nov 2016)
Source: https://askbobrankin.com/securing_your_internet_of_things.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Securing Your Internet of Things"
Posted by:
Charley
17 Nov 2016
Thanks Bob. Other than the Cujo which appears to make it easy, the other solutions (re-configuring your home router with multiple SSIDs, MAC address filtering, setting up an appliance, etc.) sound like too much work for most non-tech people.
Posted by:
Reg
17 Nov 2016
My solution is not to buy anything that will be part of the "Internet of Things." I really don't need for my refrigerator to show me (and everyone else including the boss) what's in it or tell me I need milk. I definitely don't want to explain to the boss the 12 pack of brew I bought for the turkey brine.
Posted by:
MmeMoxie
17 Nov 2016
Thank goodness I don't have a lot of items in my house that need to be internet connected.
All of my family's cell phones have been "approved" to use my wi-fi router. I put in the password or phrase so they could connect and use the data aspect of wi-fi. It really saves on the wireless bill when they are connected to a wi-fi router.
Boy I am really pleased the AT&T's U-Verse Wi-Fi router has an excellent password or passphrase! It's about time for them to be security smart. I can change the password/passphrase anytime I want. However, theirs is so good, I won't until I have to.
Thank goodness I don't have a bunch of appliances that need to be internet connected. First of all, they are so expensive that I can't afford them. I don't think the average income can afford them, either. Plus, I don't think the added connection is necessary, in my book. A refrigerator needs to be only a refrigerator - Not one that will tell you what you missed on your grocery list. To me, that is luxury out of control.
I would like to have a wi-fi controlled door lock, but, I do worry about it being compromised. For me, not having to worry about getting my key out to open the door would be a real plus factor. However, I wonder how easy it is for thieves to bypass the code??? An old-fashioned deadbolt works and has worked for a long, long time. :O)
Posted by:
Ray McGinley
17 Nov 2016
One company is addressing IoT security by transmitting data over the licensed 800 MHz band instead of the commonly used 2.4 GHz band. The company is M2M Spectrum Networks.
Posted by:
Peter B
17 Nov 2016
MmeMoxie - if your password / passphrase was provided by AT&T, then you don't know who has access to this information. I would not regard this as secure. I always change the provided password on my router. This needs to happen a few times a year, as it appears that my broadband provider can upgrade the software on it and reboot, after which it goes back to the original password.
Posted by:
Dave
17 Nov 2016
Coursera offers a course titled "Cybersecurity and the Internet of Things". The course is free to audit or they will give you a certificate for a fee.
Posted by:
Marc Menard
17 Nov 2016
So basically, anything that I can control with, say, a smartphone or tablet, like smart light bulbs, baby monitors, surveillance cams, motors to open/close the blinds, this kind of tech is easily hackable. I know that I can upgrade the firmware on a lot of items I have around my computers, for example the router firmware just got such an update and now I can have a report of what traffic is going where. I also upgraded the firmware on a bluray drive a while ago, making it compatible with media that it would not detect before. I guess the point I wan't to make is, are these IoT devices upgradable in some way so that they can become more secure, or is it possible that the customers of such technologies are going to have to replace their devices? These things ain't cheap...
Posted by:
JC
17 Nov 2016
You can't keep your isp out. They have a backdoor. I know this because they gave it to me while in a two hour troubleshooting session with them. If I have it, so do others. This will only keep outsiders out, or at least be your best shot.
Posted by:
bb
18 Nov 2016
Marc: That is exactly the question to ask, "are these IoT devices upgradable in some way" or are they unchangeable by the user with the unalterable firmware, user codes and passwords? Devices that are not changeable, regardless of cost, need to be junked.
Look up "Mirai" on Wikipedia, it was Linux boxes infected by Mirai that took down Dyn, not Windows botnets.
The 'S' in IOT stands for Security.