’Tis the season for giving gifts. And increasingly, those shiny new toys and gadgets can be connected to the Internet—from TVs to watches, speakers to Barbie dolls.
That Internet connection opens up a ton of possibilities for how we can use and enjoy our new devices. (“Alexa, play my Christmas playlist on Spotify, and also order my favorite pizza from Domino’s,” says my future self. I’m looking at you, Santa.)
But it also makes us more vulnerable to cyber attacks, whether it’s hackers infiltrating a device’s connection to swipe sensitive personal information or wielding our possessions as cyber weapons against businesses and organizations.
Hackers’ gateways into our homes are only growing more numerous. One recent study by Canadian networking firm Sandvine found that the average home in North America uses at least seven connected devices each day.
Meanwhile, a report this year by Pwnie Express—a Boston-based startup that helps businesses detect nearby rogue devices that might pose a threat—assesses some of the most vulnerable connected devices, from HP printers to tablets and phones made by Samsung, LG, and Coolpad.
“Any connected device can be vulnerable and any can be safe,” says Paul Paget, CEO of Pwnie Express, in an e-mail to Xconomy. “It really is about buying secure devices and then behaving in a cyber-smart manner. Manufacturers need to do a better job of incorporating cybersecurity in their products. However, consumers also need to be better educated and follow some simple steps” to secure their connected devices, he adds.
To put together a list of recommendations for readers, Xconomy tapped the expertise of Paget, Xerox CTO Sophie Vandebroek, and LogMeIn CTO Sandor Palfy. The trio spoke about securing connected devices at Xconomy’s recent “State of Cybersecurity” forum, and after the event we solicited more details via e-mail.
Here are their top tips for securing the growing stock of connected devices in people’s homes:
1. Do your homework before buying. This might be a moot point if your connected device was a gift (although that’s why they invented gift receipts). Either way, Palfy and Vandebroek recommend researching what security measures (if any) the product manufacturer has put in place.
“Be skeptical of devices that don’t require basic security measures like strong passwords,” Palfy says.
And watch for security notices about the product after purchasing, Vandebroek adds.
Palfy also recommends researching what data the product manufacturer collects.
2. Secure your Wi-Fi router. Before hooking up your new gadget to the Internet, here are some defense measures Palfy and Vandebroek suggest for your home’s router:
—Set a strong password for the router.
—Turn off the setting that broadcasts the router’s presence to nearby devices, even if access to your network is password-protected.
—Disable the router’s remote management capabilities.
—Don’t allow incoming connections, meaning devices on your local network should not be accessible via the Internet.
—Disable the “Universal Plug and Play” setting. (More on that here.)
—Encrypt the data being transmitted via the router.
—Make sure you’re using an https Web page to configure your router’s settings because such websites are encrypted. “This is usually a small Web page hosted on the device itself and accessible from a Web browser,” Palfy says. “Most devices come with an unencrypted http interface and the end user has to enable” https.
For more router security tips, check out this article recommended by Vandebroek.
3. DO NOT USE PUBLIC WI-FI UNLESS YOU REALLY MUST. Paget put this tip in all caps, so clearly the risk of hackers intercepting information transmitted over a public connection is not to be taken lightly.
During the times when using public Wi-Fi is a necessity, just be careful.
“It’s important in those moments to avoid going to unfamiliar websites or opening e-mails from people you don’t know,” Paget says, when asked about using a public Wi-Fi network on a smartphone. “Get what you need, and then get out and turn off your Wi-Fi. If you have to take one risk, don’t put yourself in more danger.”
Or use the device’s cellular connection, if possible. That’s usually a safer bet than public Wi-Fi, Palfy says. “It is very easy to set up a malicious [Wi-Fi] hotspot, but you need special equipment to do the same with cellular,” he says.
You might also consider setting up
