IoT devices pose uniquely terrifying security threats. Just ask a Waterbury, Connecticut, family who was awakened and harassed by hackers accessing their Ring security cameras.
As part of their coverage of this incident, WFSB Channel 3 news asked Kelser to offer some insight into how hackers may have gotten access, and what can be done to secure IoT devices.
After this hack and others like it, Ring denied a data breach saying only the individual accounts had been breached, likely due to password reuse. However, it now appears there potentially was a small breach that could have led to these incidents. While Ring’s security features may not be as strong as they should be, there are best practices for both businesses and consumers when it comes to preventing breaches of internet-of-things devices.
Every IoT device is a potential point of entry
Anytime an internet-enabled device is connected to your network—whether it’s a security camera, a TV, a thermostat, a printer, or another smart device—it creates a potential doorway for hackers. It’s important to implement cybersecurity best practices for each device such as:
- Don’t re-use passwords. Have a unique password for each IoT device and account you have. Keep track of them using a password manager.
- Use 2FA – Two factor authentication (or 2FA) where a code is sent to your phone or generated from an app every time you log in.
- Enable security features such as device limitations – some platforms (such as Nest, for example), allow users to limit what devices can log into their account. You can configure this feature to prevent anyone not using phones, computers or tablets that belong to your family from logging in.
Network security is the foundation of IoT security
It’s shocking that many consumer and small business routers in the US are unsecured. They arrive from the factory with default settings such as a password of “admin” and are simply never changed. Even if hackers can’t access your Ring account because you have 2FA enabled, if your network is wide open, that’s potentially even worse.
Having a secure network with, at the very least, a secure password, but also ideally a firewall and software like OpenDNS to monitor for malicious activity, is essential if you are going to use IoT devices. Without a secure network, smart devices allow hackers not just access to your data, but access to your home or office.
Higher stakes for businesses
While having your home security camera accessed by hackers is extremely unnerving, consumers don’t have the potential for IoT disasters that businesses do. The Ring hacks in Connecticut and elsewhere already seem like something out of sci-fi. It’s not hard to imagine what destruction can be wrought by hackers who gain access to industrial or medical equipment.
The recent Ring hacks illustrate how easy it is to overlook IoT security. As a rule of thumb for businesses, if you have IoT, you need an MSP. When we begin working with a new client as a managed service provider (or MSP), one of the first things we look at is any IoT devices and potential vulnerabilities they may present.
