Consumer IoT Cybersecurity

The Internet of Things (IoT) is term used to describe how everyday items – from toasters to children’s toys, vacuum cleaners to boilers – are increasingly connected to the outside world through the Internet, enabling our homes and products to do much more than they used to. IoT devices have become part of our daily lives and it is crucial that everyone is able to keep their devices secure.

Manufacturers of IoT devices have a responsibility to design secure products, but there are also some steps consumers can take to better protect their devices and information against cyberattacks.

Cybersecurity Tech Accord has compiled this information repository to ensure that as a consumer, you have more information about how to keep you IoT devices secure. We know that providing information and advice is just the first step on a journey to bring consumers and manufacturers of IoT devices closer together in an environment with strong standards and governance with the common aim of placing cybersecurity at the heart of technology and innovation.

New to IoT?

Ways IoT devices can be hacked

  • Smart speakers with access to other networked devices in your home can be hacked to unlock other devices like cars/garage doors for theft.
  • Your smart TV can be hacked, allowing malicious actors to listen in on a living room conversation, “cyberstalking” you.
  • Hackers can control the temperature of your smart thermostat.
  • Smart printers, if hacked, can give malicious actors access to printed files and any sensitive information that is on these files.

How to secure your connected home

Manufacturers are responsible to design cyber secure IoT products. Regulators around the world have issues guidelines and recommendations to align practices by manufacturers in this space.

At the same time, there are several precautions that you can take to ensure your devices are safe from potential cyber attacks.

SECURE YOUR HOME NETWORK

  • Try to keep your coverage area limited to your house by placing your router as close to the middle of your space as possible, rather than placing near windows.
  • Give your router an anonymous name not associated with your name, your address, or any personal identifiers.
  • Make sure that every device on your network, including routers, computers, smartphones, and smart devices, have updated software and operating systems to keep your entire network protected.
  • Use wireless encryption. First, make sure you enable the SSL encryption in the settings of the sites you visit (like your email). Second, visit the secure HTTPS version of sites and not the unsecure, regular HTTP site by simply adding an ‘S’ to the website’s URL.

USE STRONG AUTHENTICATION METHODS

  • Use strong passwords. Websites such as “Have I Been Pwned?” can be useful to check whether your email address and password have been exposed in a security breach.
  • Use two-factor authentication (2FA), for example, using both a password and a fingerprint or email verification.
  • Many Internet devices are shipped with default login codes making them easy to hack (e.g. 1234) – make sure to change default usernames and passwords.

USE YOUR DEVICES AND THE APPLICATIONS INSTALLED ON THEM SECURELY

  • Install an antivirus to block malicious software designed to acquire your personal information. You can find both free and paid-for antivirus options online. Trade media are reliable sources to check for the best options available.
  • Turn on the firewall on your PC, router, and any other devices that have one.
  • Consider apps’ requests to access your information (photos, location, address book, camera or even other apps) carefully. Each time you should ask yourself, what is this app for and why does it need that permission? 
  • Unplug devices when not in use. 
  • Consult your devices’ privacy policy looking for information on what kind of data they will use.
  • Update your IoT devices’ software and firmware in a timely manner when instructed by the manufacturer.
  • Let your visitors know that you have smart devices or turn them off to protect others’ privacy and security.

BE CAREFUL WHEN CONNECTING TO A NETWORK

  • Avoid unsecured public Wi-Fi networks (those that can be connected to without any type of security feature like a password or login). On public Wi-Fi networks, cyber attack techniques such as “Man in the Middle” can be used to intercept web traffic between a user’s device and the destination by making the victims’ device think the hacker’s machine is the access point to the Internet. You can turn the public connection into a private one by using a Virtual Private Network (VPN). The first step is subscribing to a VPN. Here is a guide that can help you pick the right one. A VPN prevents hackers from viewing your web traffic and your personal data, like your bank account number and passwords. You can also use a VPN on your phone. Here is how. 
  • Use more than one router so that your IoT devices are on a different network to that of your main PC. This will protect the information on your PC in case your IoT devices are compromised. You can check this guide on how to connect two routers on a home network.

How to secure your IoT devices

Smart Speakers

Beginner

  • Don’t put speakers near a window which could enable someone to connect to them.
  • Turn off the device when not using to stop it listening.
  • Turn on email notifications to watch for any unauthorized access or purchases.

Intermediate

  • Delete voice history and past commands.
  • Train speakers to recognize different voices.
  • Monitor the accounts you link to speakers for any unusual activity such as purchases you did not initiate.
  • If possible, turn off ‘personalized results’.

Advanced

  • If possible, consider opting-out of sharing recordings used to improve the service with the manufacturers.
  • Remove sensitive data stored on accounts associated with the speakers (e.g. turning payment functionality off).

Smart Doorbells

Beginner

  • Attach the device securely so it can’t be stolen.
  • Delete old footage.

Intermediate

  • Hide your network name or ID to prevent your network from being visible and easily accessible. This can be done by using a Virtual Private Network (VPN).

Smart Tvs

Beginner

  • Disable or place tape over cameras and microphones.
  • Stick with your smart TV’s dedicated remote and avoid smartphone remote apps, since they can make it easier for hackers to grab login information if your device is otherwise compromised.
  • Download applications with caution and always directly from the Google Play store, the App Store or your manufacturers’ official application store avoiding allowing app installation on your devices from unknown sources.

Intermediate

  • Applications installed on the TV usually have their own privacy and security setup which is independent from the TV. Ensure that you enable privacy and security options on each of the installed applications.

Smart Toys

Beginner

  • Talk to your kids about never giving out personal information or posting sensitive information online.
  • Check reviews and consumer advisory to see if there have been negative reports on the toy.
  • Always make sure the toy is switched off or unplugged when not in use.

Intermediate

  • Applications installed on the TV usually have their own privacy and security setup which is independent from the TV. Ensure that you enable privacy and security options on each of the installed applications.

Smart Home Locks

Beginner

  • Use a PIN for voice unlocking.
  • Create unique codes for individuals.
  • Increase the length of your codes and passwords – longer passwords are better because they lower the chance of brute force attacks.

Intermediate

  • Create expiring codes with scheduling.
  • Enable extra features like decoy numbers available on some devices.

Smart Printers

Intermediate

  • Require owners to authenticate themselves before allowing them to print.

Advanced

  • Turn off unused protocols and disable unused ports. 

Smart Baby Monitor

Intermediate

  • Disable remote access to your baby camera.
  • Periodically check the logs for unauthorized access.
  • Change the port used to access your camera. Like for any other default settings, default ports could make it easier for hackers to access your device.

Advanced

  • Disable Dynamic DNS (Domain Name Server) on your camera, which could allow remote access to your device.
  • Disable port forwarding and UPnP (Universal Plug and Play), which could allow an attacker to bypass your firewall and gain control over your device through malware.

Smart Indoor and Outdoor Security Cameras

Beginner

  • If you don’t need the internet streaming feature which lets you watch the footage live remotely, it’s best to disable it.

Intermediate

  • Make sure the smart camera is able to download the latest updates of its software and firmware.

Cybersecurity Action from Consumer Advocacy

Consumer groups around the world are pushing for the strongest cybersecurity responses from governments and manufacturers, while supporting consumers with guidance on how to better protect themselves.