As we make large strides in technology and the “Internet of Things” (IoT) becomes increasingly prevalent in our daily lives, it becomes easier and cheaper to find smart devices, from smartwatches to kitchen appliances, that make our lives easier and simpler. However, It is a huge responsibility of the manufacturers, not just us, the users to ensure smart devices have a level of security.
In our last blog regarding IoT security and the Internet of Forgotten Things (IoFT), we explained that IoT security “…includes ensuring that the devices themselves are secure, that the networks they use are protected, and that the data they generate is kept confidential.” IoT devices cannot properly be incorporated into our daily routines without access to very personal and private data, which stresses how important and crucial IoT security should be.
Therefore, it is alarming when a manufacturer churns out IoT devices with little regard for security. Although you can order a smart plug for as low as $20 online, choosing your IoTs based on convenience and cost is the first wrong move you can make.
Ars Technica published an article about a smart plug by a common brand that not only was very popular but, unfortunately is very easy to hack into. The IoT security research firm Sternum was able to “trigger a buffer overflow by passing the device a name longer than its 30-character limit—a limit enforced solely by Wemo’s own apps—with third-party tools.” This allowed them access to the devices without providing proof of authentication or credentials. Sadly, several smart home guides and reviews recommended the smart plug, and combined with its competitive pricing they flew off the proverbial shelves, with users oblivious to the lack of security.
And what did the manufacturer do with this very serious information? They confirmed that the smart plug was nearing the end of its life and therefore was not worth resolving. The smart plug was not even considered an IoFT yet and it was already not being supported by the manufacturer.
Here are some tips for making sure the IoT devices you incorporate into your IP network are legit:
1. Do your research: The proof is almost always in the pudding, and it is easy to find articles on manufacturers and brands that have had data breaches in recent years, as well as how they fixed security issues and compensated users.
2. Local-only Support: Data is locally stored and processed, making it easier to manage and more private. Matter has become popular with Google products, along with ZigBee.
3. Opt-Out Options: An IoT that allows you to opt out of certain features is a good sign. This means you can control what information you do or do not want to share or are potentially vulnerable.
In an era where the Internet of Things (IoT) is transforming our lives, ensuring the security of these smart devices is of paramount importance. As technology continues to advance and IoT devices become more accessible, it is crucial for manufacturers to take responsibility for the security of their products. Our previous blog shed light on the significance of IoT security, emphasizing the need to protect devices, networks, and data generated by IoT devices. Yet, it is concerning to see manufacturers prioritize convenience and cost over security, as evident in the case of a popular but easily hackable smart plug. Despite recommendations and high sales, the manufacturer failed to address the security vulnerabilities and even discontinued support for the product. To safeguard your IP network, it is vital to conduct thorough research, opt for locally stored data, and choose IoT devices with customizable privacy features. At No-IP, we are committed to empowering users with knowledge, but it is only through robust security measures that we can truly embrace a smart world. Stay informed, stay secure.