In 2011, a startup known as Nest Labs has created a thermostat that learned the temperature patterns in your home and adjusted itself without your intervention to maximize your comfort. It also connected to the worldwide internet, making it officially one of the most popular “Internet of Things” (IoT) products for the consumer market. Before this thermostat made it into the market, there was already a variety of products that similarly connected to the internet. While everyone is busy talking about the conveniences such an innovation brings with it, there are very few looking at how complex the security landscape will become as a consequence of IoT.
Why IoT Can Be Problematic
One of the first companies to really assess the problems of that IoT can bring was PerfectCloud. In its lengthy blog post, it detailed how it can be dangerous for businesses that are unwary of the consequences of introducing more possibilities for leakage.
IoT is potentially dangerous not because our machines will “turn on us”, but rather because they are able to communicate with the internet at large. You’ve likely already seen the problems that computers encounter as a result of being connected to the web. They get viruses, they are exploited on a regular basis, and sometimes hackers even gain control of the entire system to do some pernicious activities through it.
IoT simply presents more possibilities for this to happen by connecting your toaster, your fridge, your car, your TV, and other household items to the internet.
How IoT Can Be Used to Threaten Internet Security
The biggest threat that we face with IoT is botnets. If you don’t know about botnets, you can read up on them in our piece on distributed denial of service (DDoS). In the typical breach scenario, a hacker will infect a computer with a virus that automatically connects the system to a central server. The hacker will then order all infected computers to flood a particular IP address with packets, overwhelming that IP address’ ability to process normal traffic.
With IoT, many devices’ operating systems are simple and very difficult to breach (ironically, complex operating systems are easier to do this with). Instead of attempting to infect an IoT device, most hackers will opt to exploit a vulnerability in the way it communicates. This shorter process makes it very easy to infect thousands of devices at the same time and effectively create a phantom decentralized botnet. A DDoS like this is very difficult to stop! Also, such a thing has already happened.
How to Protect Yourself
Now that you understand the problem in IoT, it’s time to figure out how to help stop your toaster from turning into a battle drone. One of the best ways to do this is to create an “intranet” by setting your router up to prevent the device from communicating with the outside world. Instead, it will only communicate with your LAN, allowing you to monitor and configure the devices at home. Such a configuration restricts the way you use IoT, but it opens less doors to hackers trying to (digitally) break into your house.
Figure out what ports your toaster uses to communicate, then configure your router to shut down that port for external communications. It’s a very simple but effective idea!
Should you stop using IoT entirely? Absolutely not! However, I certainly hope that this piece will teach people to be more careful with the tech that they use. The underlying message here is that convenience sometimes requires a compromise on security that people aren’t ready to make. Tell us your thoughts on this in a comment below!