Don’t let your fridge door be a way into your network
Police have warned that household appliances which connect to the internet will increasingly be hacked by criminals seeking to steal your identity, rob your home or bank accounts. Chief Constable, Mike Barton, who leads the National Police Chiefs Council on crime operations, has warned about the dangers of the Internet of Things (IoT) as more ordinary household items become connected.
The emergence of the ‘smart home’ means that everything from our heating to the volume of the music on the radio can now be intelligently controlled. Whilst this undoubtedly is a glimpse of what the future will hold, the salient truth for most consumers is that they have no idea just how secure these applications are – and is probably not even on their radar during purchase and installation, and is often only considered once it is too late, i.e. when they’ve been hacked.
In recent years the tightening of regulation and legislation has meant that manufacturers have had to be far more transparent regarding the energy efficiency of consumer products – a consequence of which has been the introduction of Energy Performance Certificates (EPCs), and Barton believes a similar policy should likewise be taken by the manufacturers of internet enabled devices – so that next to a product’s energy efficiency will be its security rating.
Above: Energy Performance Certificates (EPCs) have made the energy efficiency of consumer products far more transparent
Barton also stressed that the time to implement such a rating system is now, as we have only really seen the tip of the connected devices iceberg. There will be an estimated 21 billion connected devices by 2020, by which time it will be even more difficult to introduce security measures.
The situation is made doubly worse when you consider that many smart device manufacturers are, to a degree, stepping into the unknown. Traditional consumer goods like fridges, TVs, kettles, washing machines etc, have never been connected before so the manufacturers have had to undergo a very steep learning curve in recent years, and as such security measures have generally not been embedded throughout the development phase of the product.
Commenting on the story, Cesare Garlati, Chief Security Strategist at the prpl Foundation commented: “IoT and connected devices have become the biggest threat in the modern world as attackers continue to exploit the capabilities and vulnerabilities of these devices. Dishwashers, fridges, kettle, TVs - they are all risks to consumers as the security within these devices is non-existent, leaving people exposed in their own homes.
“To stop this failing by manufactures and developers from becoming a pandemic, the prpl Foundation has provided guidance on how to create a more secure Internet of Things that advises to adopt a hardware-led approach that sees security embedded from the ground up. By making sure these points are addressed before large scale implementations, it can save time and limit potential damage in the future. In the meantime, people can start by taking control of the security in their smart homes starting with the home router.”
- Regularly check for router firmware updates
- Change default password on router
- Configure firewall policies
- Enable MAC filtering
- Use guest network for guest devices
- Use guest network for home devices
- Disable UPnP
- Close all ports on the firewall