Internet of Things: Use it with extreme care

Do you know the vulnerabilities of some of the technologies you use every day? Everything we buy nowadays is connected to our WiFi, Bluetooth, Near Field Communications (NFC), fingerprint, face recognition, etc, etc… and while we think it’s safe because it comes from a reputable technology company, or a common Smartphone application, we need to realize that with every new connection we make to the Internet of Things (IoT), we increase our risk.

For example, home security systems, which are supposed to help keep us safe, could actually pose security threats if properly configured and secured. While the idea of a stranger hacking into your home security system and watching your family may seem like the plot line of a horror movie, researchers at HP are warning against just such risks, identifying major vulnerabilities in 10 of the newest home security systems.

{mosads}In their research, HP found “an alarmingly high number of authentication and authorization issues along with concerns regarding mobile and cloud-based web interfaces.” All ten systems allowed the use of weak passwords, lacked an account lockout mechanism for multiple failed log-in attempts, and were found vulnerable to “account harvesting,” which allows attackers to easily guess login credentials. Half of the systems did not have proper encryption methods to protect sensitive data, and those with cloud-based web or mobile application interfaces were highly susceptible to attack, allowing video to be viewed from an Internet-based attacker anywhere in the world.

When utilizing the IoT in our homes, we must understand the security implications of using now-common technologies like in-home security and wireless camera baby monitors. Already with baby cameras, we’ve seen weak or default passwords leading to malicious actors hacking into baby-cams and talking to our children. This is quite disturbing. While these technologies are intended to make our lives easier, if we don’t take responsibility to understand how they work, ensure we use complex passwords, two-factor authentications and other prudent security steps, we are putting ourselves and our families at risk.

This week, top information officers from major IT companies Symantec, Cisco, RSA Security and others met at the NASDAQ for a National Cybersecurity Alliance event to discuss the quandary of evolving technologies. They deemed that the IoT, not state-sponsored cyber terrorists, pose the biggest threat to customer data, and urged companies’ technology developers to build in security from inception. According to the National Security Telecommunications Advisory Committee, “There is a small – and rapidly – closing window to ensure that IoT is adopted in a way that maximizing security and minimizes risk. If the country fails to do so, it will be coping with the consequences for generations.” While all of these new innovations are great, we need our security systems to catch up.

Monitoring is crucial, both by the individual using the IoT, and companies whose technologies we are using. Security specialists prefer a behavior monitoring solution, which keeps communications paths open, but with a system that “watches all devices, learns what’s the norm, and flags abnormal behavior,” according to Jeffrey Green of Symantec.

When using an IoT device, we are each responsible for its safe and secure use – we must own the stewardship of our data. Just as we monitor our credit card statements monthly, we should be regularly updating software, changing and strengthening passwords, ensuring our systems use an encrypted connection (known as  SSL/TLS) , use two-factor authentication as possible, and understanding which devices, like cameras, in your home can be remotely (therefore covertly) activated. We all love the benefits  abundant  technology brings, but we must also protect ourselves from the imprudent hacking by the neighborhood troublemaker or a malicious actor trying to do us harm.

Ortiz is a partner at Falcon Cyber Investments, the first multi-stage investment vehicle exclusively focused on cybersecurity innovation, and a strategist and an adviser on cyber policy and regulations for a D.C. based global law firm.