IoT (aka Internet of Things) devices are everywhere, and so is malware. It follows that many of the IoT devices you use may be vulnerable. Let’s break down what to look out for.
If you need a refresher on IoT, check out our related blog: Are Internet-connected Consumer-grade Devices (IoT) Safe For Work?
First of all, it’s important to note a key fact about IoT devices: they come with default passwords, making them highly vulnerable to simple attacks. While many of us know strong passwords for logins are essential, we don’t always think about the default password function within IoT devices. Most are programmed with generic default passwords such as “12345” or “admin.” NordPass recently surveyed users and found that only 33% of users changed the default passwords on their IoT devices (source). This is a BIG problem for users. Leaving the default password in place (typically unknowingly) makes them susceptible to attack.
According to the survey, IoT devices pose other vulnerabilities as well. Among the users surveyed, these were the key findings:
- 87% of respondents did not factor in security features with their IoT purchase.
- 88% are using IoT devices past their “supported” lifecycle. The manufacturer stopped publishing security updates, but respondents still left them powered on and connected to the internet.
- Only 36% of people change the default password on their internet router.
In the sea of cyber attacks and vulnerabilities, attackers look for easy and predictable entry points to perform their attacks. Insecure IoT devices continue to be a prime opportunity for this.
So, what are we to do?
Follow these 3 steps to secure your IoT devices:
- Perform regular updates to your IoT devices. If your devices are not set to update automatically, change the settings so they do so. Software updates are one of the best defenses against security flaws and vulnerabilities. Once the manufacturer stops supporting your IoT device, stop using it — especially if you’re a business.
- Change default passwords ASAP. The minute you acquire an IoT device, make it a habit to change the default device password to something strong and unique.
- Place IoT devices on a separate guest Wi-Fi or physical LAN when possible. Assume the worst-case scenario, and segregate the device from private traffic.
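One way to track the three steps above across a set of devices is a small inventory audit. This is an added example, not part of the original post; the CSV columns, device names, addresses and the 192.168.50.0/24 IoT segment are constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed sample inventory; in practice this would be exported from
# your own asset list. Column names are assumptions made for this example.
INVENTORY_CSV = """name,ip,default_password_changed,auto_update,support_ends
lobby-camera,192.168.50.21,yes,yes,2027-06-30
office-printer,192.168.1.40,no,yes,2026-01-31
old-thermostat,192.168.1.77,yes,no,2021-03-15
"""

# Assumed address range of the separate guest/IoT network.
IOT_SEGMENT = ipaddress.ip_network("192.168.50.0/24")


def audit(csv_text, iot_segment=IOT_SEGMENT, today=None):
    """Return {device name: [findings]} for devices that miss any step."""
    today = today or date.today()
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        # Step 1: updates. An unsupported device cannot be fixed by
        # enabling auto-update, so end of support takes priority.
        if date.fromisoformat(row["support_ends"]) < today:
            findings.append("unsupported: retire device")
        elif row["auto_update"].strip().lower() != "yes":
            findings.append("enable automatic updates")
        # Step 2: default password must have been changed.
        if row["default_password_changed"].strip().lower() != "yes":
            findings.append("change default password")
        # Step 3: device should sit on the separate IoT/guest network.
        if ipaddress.ip_address(row["ip"]) not in iot_segment:
            findings.append("move to separate IoT/guest network")
        if findings:
            report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY_CSV, today=date(2025, 1, 1)).items():
        print(f"{name}: {'; '.join(findings)}")
```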