As we have recently seen, everyday devices that connect to the internet – the so-called Internet of Things (IoT) -- are vulnerable to cyber-attack.
Last month, a hacker harnessed tens of millions of these devices to launch denial of service attacks that temporarily blocked access to major web destinations like Amazon, Netflix, and Twitter.
Apparently, it wasn't that hard to do. These devices, for the most part, are largely unprotected by security software. How many IoT devices are in your home? Probably a lot more than you think.
The IoT includes things like your router, your DVR, and your printers. But it might also include your refrigerator, smart lighting system, and your thermostat.
Invasion of the botnets
A clever hacker can easily penetrate these devices and insert a botnet, ready to take over the device and follow the hacker's orders. Botnets have taken over PCs for years, using them to send out spam emails. Now that they can seize millions of other devices, they are even more of a threat.
Security Intelligence, a cyber-security publiction, raised the IoT security issue two years ago. Back then, it pointed to several potential pitfalls.
First, with so many devices – and some estimates predict 30 billion connected devices by 2020 – it will be next to impossible keeping security on them up to date.
Because there will be so much data moving through the IoT, how do you tell the good data from the potentially harmful data? And with companies using proprietary implementations, it could make it harder to find hidden or unknown zero-day attacks.
What to do
While there are step consumers can take to make their IoT more secure, California Attorney General Kamala Harris says manufacturers of these devices have not done a good job of telling consumers how to do it. A first step, she says, is for consumers to change the default passwords for any and all devices that connect to the internet.
To do that, find the default login information in the user manual, or in some cases, on the device itself. If it isn't obvious, do an online search for “default router, DVR, or webcam username and password,” then check for the name and model of your device.
You then use the default log-in to access your account and change the password.
Ultimately, Harris says manufacturers need to do a better job of making their devices more secure to start with, and regularly updating their security protection.