IoT Security

Stay Smart. Stay Safely Connected.

IoT devices have become part of our daily lives and it is crucial that everyone is able to keep their devices secure. Manufacturers of IoT devices have a responsibility to design secure products but there are also some steps consumers can take to better protect their devices and information against cyberattacks. The Cybersecurity Tech Accord in conversation with Consumers International are working to raise awareness of the security risks from IoT devices and how consumers can try to stay protected. Cybersecurity Tech Accord has compiled this information repository to ensure consumers have more information about how to keep their IoT devices secure. We know that providing information and advice is just the first step on a journey to bring consumers and manufacturers of IoT devices closer together in an environment with strong standards and governance with the common aim of placing cybersecurity at the heart of technology and innovation.

IoT Security Facts and
Figures

There were 26.66 billion active IoT devices in 2019

It’s estimated that by 2022, there will be 50 billion consumer IoT devices worldwide

Expected number of devices and connections per household by 2022:

A. North America: 23.9
B. Western Europe: 14.8
C. Latin America: 7.5
D. Middle East and Africa: 4.9

There were 2.9 billion cyber attacks on IoT devices in H1 2019 against the 813 million recorded in H2 2018

IoT devices most targeted by hackers

A. Security camera systems
B. Smart hubs and network-attached storage devices
C. Printers, smart TVs and IP Phones

Where are IoT attacks taking place?

Ways IoT devices can be hacked:

Ways IoT devices can be hacked:

A. Smart speakers with access to other networked devices in your home can be hacked to unlock other devices like cars/garage doors for theft.

B. Hackers can control the temperature of your smart thermostat.

Ways IoT devices can be hacked:

C. Smart printers, if hacked, can give malicious actors access to any file that is printed and any sensitive information that is on these files.

D. Your smart TV can be hacked, allowing malicious actors to listen in on a living room conversation, “cyberstalking” you.

Consumers’ concerns:

76% feel they could easily become a victim of smart home cyber crime.

77% worry about violation to their privacy by their internet connected devices at home.

80% feel smart home device manufacturers are not doing enough to ensure consumer online security and privacy.

How to secure your
connected home?

The responsibility to design cyber secure consumer IoT products falls on manufacturers of smart and connected devices. Regulators around the world have issued guidelines and recommendations to align practices by manufacturers in this space. At the same time, we as consumers need to understand the risks that these new technologies can pose when they are brought inside of our homes. There are several precautions that we can take to ensure our devices are safe from potential cyber attacks, and as more IoT devices make their way into our everyday lives, we need to adapt our behavior to ensure these technologies can’t act against our best interest. The following small steps can help ensure our products are safe from potential attacks and that we are able to use the products we buy in the way they were intended.

Use strong authentication methods

Use your devices and the applications installed on them securely

Secure your home network

Be careful when connecting to a network

How to secure your IoT devices

Smart Speakers

Beginner

  • Don’t put speakers near a window which could enable someone to connect to them.
  • Turn off the device when not using to stop it listening.
  • Turn on email notifications to watch for any unauthorized access or purchases.

Intermediate

  • Delete voice history and past commands.
  • Train speakers to recognize different voices.
  • Monitor the accounts you link to speakers for any unusual activity such as purchases you did not initiate.
  • If possible, turn off ‘personalized results’.

Advanced

  • If possible, consider opting-out of sharing recordings used to improve the service with the manufacturers.
  • Remove sensitive data stored on accounts associated with the speakers (e.g. turning payment functionality off).

Smart Doorbells

Beginner

  • Attach the device securely so it can’t be stolen.
  • Delete old footage.

Intermediate

  • Hide your network name or ID to prevent your network from being visible and easily accessible. This can be done by using a Virtual Private Network (VPN).

Smart Tvs

Beginner

  • Disable or place tape over cameras and microphones.
  • Stick with your smart TV’s dedicated remote and avoid smartphone remote apps, since they can make it easier for hackers to grab login information if your device is otherwise compromised.
  • Download applications with caution and always directly from the Google Play store, the App Store or your manufacturers’ official application store avoiding allowing app installation on your devices from unknown sources.

Intermediate

  • Applications installed on the TV usually have their own privacy and security setup which is independent from the TV. Ensure that you enable privacy and security options on each of the installed applications.

Smart Toys

Beginner

  • Talk to your kids about never giving out personal information or posting sensitive information online.
  • Check reviews and consumer advisory to see if there have been negative reports on the toy.
  • Always make sure the toy is switched off or unplugged when not in use.

Intermediate

  • Applications installed on the TV usually have their own privacy and security setup which is independent from the TV. Ensure that you enable privacy and security options on each of the installed applications.

Smart Home Locks

Beginner

  • Use a PIN for voice unlocking.
  • Create unique codes for individuals.
  • Increase the length of your codes and passwords – longer passwords are better because they lower the chance of brute force attacks.

Intermediate

  • Create expiring codes with scheduling.
  • Enable extra features like decoy numbers available on some devices.

Smart Printers

Intermediate

  • Require owners to authenticate themselves before allowing them to print.

Advanced

  • Turn off unused protocols and disable unused ports. 

Smart Baby Monitor

Intermediate

  • Disable remote access to your baby camera.
  • Periodically check the logs for unauthorized access.
  • Change the port used to access your camera. Like for any other default settings, default ports could make it easier for hackers to access your device.

Advanced

  • Disable Dynamic DNS (Domain Name Server) on your camera, which could allow remote access to your device.
  • Disable port forwarding and UPnP (Universal Plug and Play), which could allow an attacker to bypass your firewall and gain control over your device through malware.

Smart Indoor and Outdoor Security Cameras

Beginner

  • If you don’t need the internet streaming feature which lets you watch the footage live remotely, it’s best to disable it.

Intermediate

  • Make sure the smart camera is able to download the latest updates of its software and firmware.

Cybersecurity Action from Consumer Advocacy

Consumer groups around the world are pushing for the strongest cybersecurity responses from governments and manufacturers, while supporting consumers with guidance on how to better protect themselves.