Are IoT Devices STILL Insecure?
When the Internet of Things (IoT) tech was first being produced a handful of years ago, eager consumers snapped up what they could: smart vacuums, smart baby monitors, smart lights and more. These devices were so exciting because they seemed to give the average person greater control and customization over their environment.
Yet, almost immediately, security professionals warned of major gaps in security that allowed hackers to waltz in and take over those devices with ease. The result was horror stories of regular people losing control of their devices — the exact opposite of what they hoped for.
Now that it’s 2019, IoT devices are more popular than ever, and that leads many consumers into believing that tech manufacturers and vendors have solved the security issues plaguing earlier versions.
Unfortunately, that simply isn’t the case. Read on to learn why IoT devices still lack the security they need to keep you and your home network safe — and what you can do to stay protected even with a smart home.
A Fast-paced, Competitive Market
Believe it or not, the heat of the market is the number-one reason why IoT devices still harbor insecurities. While you might think that competition would drive developers to create more secure, higher-quality products, the exact opposite is true: In their desperation to get to market, many developers are ignoring blatant problems with their devices, especially when those problems exist in the code.
They think, “We can always send out firmware updates after we get to market to close vulnerabilities, and in the meantime, we’ll start making money on product sales.”
Worse, some IoT firms never even think about security. This happens when devices are developed not at a single site but across a range of locations: one team might handle the hardware, one team develops the software, another team organizes integration and dozens of other teams manage marketing, sales and customer service.
Often, because no one team is assigned “security,” each group assumes someone else in the supply chain is in charge of closing security gaps, and it never gets done. If there weren’t such great desperation to get to market, this oversight likely wouldn’t occur.
The Difficulty With IoT Updates
Regardless of why the security step is so frequently skipped before devices reach consumers, updates post-purchase aren’t fool-proof solutions in the IoT realm. In computer software and even mobile apps, updates are automatic, and most users don’t notice when changes occur — especially when they only address unseen security aspects of the tech.
However, IoT devices are all but impossible for developers to reach, which means they need to rely on users to perform updates themselves.
This is where the majority of the problem lies: Most IoT users don’t know they need to update their devices, and the rest likely aren’t certain how to carry out those updates.
Few IoT devices have screens; instead, they communicate to smartphones and computers through the home network. That means performing updates isn’t as easy as clicking through your refrigerator’s settings as you’re getting a glass of milk.
Instead, you probably need to access your IoT hub and manually search for settings. If you don’t have a single hub for all your smart tech, you can either purchase one (which will also need updating), or you will need to go one-by-one through your IoT apps and look for updates.
In the case of older IoT devices, you might need to physically connect a computer to the device with a cord and install updates that way. In every case, it’s a grueling process that most users forget or ignore — at their peril.
Ways to Stay Safe Anyway
Just because your IoT devices come out of the package with major security flaws, that doesn’t mean your futuristic smart home has to be riddled with vulnerabilities. You can take steps to protect all your tech, including your IoT tools.
First thing’s first: You need to ensure there is fundamental security on your essential devices, like your computers and smartphones. These are the tools that carry most of your data, so you need to have strong antivirus security, firewalls and automatic backups keeping them safe.
Next, you should protect your network. Any hackers who do gain access to your IoT devices will use your home network to access your data-carrying devices, so you need to use network protection tools to prevent that from happening. At the very least, you should encrypt your network and change your login credentials from the default username and password, which can be found online.
Finally, you should do what you can to keep your IoT devices locked down. This means setting a schedule to check for firmware updates, as annoying as that process might be. You should also subscribe to communications from device manufacturers so you won’t miss any critical information about newly discovered exploits or security patches.
The IoT isn’t new, but its lingering novelty continues to drive consumers and developers into a frenzy. As a result, the vast majority of these devices lack the security they should have in such a threat-ridden digital environment. You can build a smart tech wonderland and keep your data and devices safe, but only if you are committed to maintaining security throughout your home.