Bogdan Botezatu, senior e-threat analyst at Bitdefender, talks about the rise of IoT devices and the implications for cybersecurity.
Our homes are getting smarter. Over the past few years, a multitude of internet connected devices have been released that serve a wide range of functions, from allowing us to turn the lights on via voice command through to locking or unlocking our front doors remotely.
The aim of these devices is clear — making domestic bliss easier and more convenient to achieve, often whilst saving us money in the process.
However, while keen to extol the virtues of these products, manufacturers are often more reticent when it comes to the potential risks associated with them.
The fact is that each device may lift some of the admin burden from everyday life, but it may also compromise two of your home’s most important characteristics — privacy and security.
This is because each device, if compromised by an external malicious actor, offers a potential entry point into your home.
And given that research from Bitdefender has found that the number of IoT connected devices/accessories has now reached nine per home in the UK – representing a significant increase in access and corresponding security concerns.
Smart doesn’t mean secure
Security researchers studying smart devices are also observing a worrying trend, in that a number of supposedly ‘smart’ products lack even the most basic level of security measures for protecting users’ privacy and data.
This is clearly worrisome for consumers. In the UK, for example, most smart device users are concerned that their devices can be infected with viruses (54%) and that sensitive information (usernames, passwords, credit card details, money) can be obtained (49%). And seven out of 10 users have at least one camera connected to the Internet.
This issue is worsened by the fact that any internet connected device that has a camera attached to it likely has a microphone built-in as well, allowing it to function as a particularly effective spying tool if accessed and manipulated by hackers.
And, given that they usually share a network with other household internet connected devices, connected cameras can be used as gateways to launch attacks on other devices or even compromise entire home networks.
Digital eyes are everywhere
It is important to remember that these vulnerabilities are by no means limited to webcams.
Vulnerabilities are present across almost all smart devices. For instance, Smart TVs are also webcam enabled, and seven out of 10 UK Smart TV users do not have a security solution in place for them.
This issue is compounded by Smart TV users installing additional software/ apps on Smart TVs, especially unofficial ones that may contain vulnerabilities or malware.
It is also noteworthy that most smartphones and laptops integrate cameras that connect to the internet, and users must be wary of their privacy when operating any IoT devices that sport such features.
So, what practical action can users take to best protect IoT devices and home networks from external access and exploitation?
Safeguard all entry points
Firstly, people must realise that a network is only as strong as its weakest entry point. Once hackers have gained a foothold on the network, malware and manipulation is more easily spread to other devices.
Therefore, taking precautions such as changing the passwords on devices from the default setting, and performing regular firmware updates on devices go some way towards mitigating risk.
And in the case of webcams, physically covering the lens can stop spying (although it will not affect eavesdropping). But for more comprehensive protection and peace of mind, a dedicated IoT security solution is required.
Many cybersecurity companies offer dedicated webcam protection features that detect access attempts from third parties on laptop or PC webcams, and alert users.
Some have gone one step further, and now offer revolutionary technology that allows people to protect every device on their home network from a single piece of hardware.
With such a device in place, users are relieved of the headaches associated with monitoring security software for each individual device, and provided with real IoT peace of mind.