Security by Design: What is it? And what exactly does it do to keep us safe? Kinetic IT Senior Security Consultant, Anthony Jones, details the associated risks and rewards of smart device security.
Nowadays, it seems like every new electrical device we buy for our homes is a ‘smart device’ that is connected to the Internet in some way. From fridges that can order food for us, to robot vacuums that we can control remotely, to electronic locks that we can open with our phones – our homes are becoming increasingly digital and connected to the Internet.
These devices usually provide a convenient service to us, but have you ever asked yourself: how secure are they really?
In cyber security, we often talk about the concept of Security by Design, where devices and applications are designed and built to be relatively secure from the outset, so that they do not introduce significant cyber risks into our homes or organisations. Unfortunately, for many smart devices, the opposite is true. They are often Insecure by Default, containing known vulnerabilities, weak default credentials, unnecessary services, or other security flaws. When we connect these insecure devices to our home network, we can potentially be putting not just our data and systems at risk, but our personal safety as well.
So, what are some of the risks of using these so-called smart devices?
Risks to our data and systems
Insecure devices will not only put the data on that device at risk, but also the data on all the devices connected to your home network. This data could include confidential personal information, such as photos or videos of you and your family, copies of identification documents, names, and email addresses, or financial information, such as the username and password to your bank account, and your bank account details and balances.
If a malicious actor were able to obtain this data, they could potentially use it to perform criminal acts against you or your family, such as identity theft, financial fraud or extortion.
A common example is your home’s modem or router. These devices are installed in most households and are essential for creating your home network and connecting it to the wider Internet. However, did you know that most of these devices ship with default credentials that can be used to take control of that device remotely? Without changing these default credentials, it can be as simple for an attacker as entering the default username and password that they found on Google to take control of the device. Once they have control of your modem or router, they can then potentially view or alter the data sent from or to all of the devices connected to your home network.
Risks to our personal safety and property
As more smart devices are used to control everyday objects, like the locks on our doorways or the keyless entry into your car’s garage, there is a greater potential risk to our personal safety and property that could be exploited. If the smart lock on your front door has an unpatched vulnerability, for example, an attacker could potentially hack the door lock and open your front door, allowing them unrestricted access to your home and its contents.
Additionally, data that an attacker can compromise can also pose a risk to the personal safety of you and your family, such as information that can identify where you live, if you live alone, where and when you work, your family members – the list goes on.
What can we do to reduce the risk?
Here are some simple steps that you can take before and after purchasing a smart device that can greatly reduce the potential cyber risks they bring into your home:
- Do a bit of research: Prior to purchase, do a bit of research into the device you are considering. Some good questions to answer include: is the device made and currently supported by a reputable company? Does it have default credentials that need to be changed? Are there known security issues with this device? You’ll be surprised by what some simple Google searching can turn up.
- Change the default credentials: If the device ships with default credentials, especially default administration credentials, ensure that you change them immediately to a password that is strong and unique.
- Use strong passwords and Multi-Factor Authentication: For devices that require you to set up an account for their use (or that have default credentials you need to change), ensure that you use a strong and unique password. If Multi-Factor Authentication, also commonly referred to as MFA, is supported by the device, utilise it. If you have trouble remembering all the different passwords you have, consider using a free password manager.
- Patch and update your devices: If a patch or update is available for your device, make sure that you install it promptly. These patches are exactly that – they provide a patch to cover up a hole or known issue in the device you use, usually deployed directly to the app or via the app store you use. Patches are often how the supplier will fix security vulnerabilities as they are identified.
- Weigh up the pros and cons: When considering purchasing a smart device, weigh up the potential benefits, such as usability and convenience, against the potential risks that the device might introduce.
These are just a few of the steps that you and your family can take to reduce the risks that smart devices can introduce to your data, your home and yourself.