INTERNET OF THINGS TICKING TIME BOMB

THE INTERNET OF THINGS – Could Be A Ticking Time Bomb

The “Internet of Things” is a term that describes any gadget, gizmo or tech equipment that is connected wirelessly and controlled over the internet. Some examples of the connected devices that make up the internet of things are webcams, refrigerators, smart TVs, thermostats, copiers, medical devices, automobiles, alarm systems, baby monitors, fitness bands, computers, modems, routers, digital recorders, etc.  For purposes of this article, I will refer to them as “IOT” devices.

Presently, the estimated number of IOT devices is approaching around 5 billion devices. That number is expected to rise to 25 billion by 2020. A study by HP Security Research concluded that 70% of the most commonly used IOT devices had serious security flaws. 90% of these IOT devices were using unencrypted network service and 70% were vulnerable through weak passwords.

Internet of Things
Change the username & passwords on these gadgets

THIS POSES A VERY BIG PROBLEM!

The security flaws common in so many of these contraptions allow any skilled hacker to easily take control of one or more of these devices. Therefore, hackers are constantly searching the web trying to break into one of these IOT devices. Once a hacker gains control of one of these devices, the hacker can then gain access to the other connected devices – that are also connected to your Wi-Fi network.

Many of these devices are really only unsecure because the user doesn’t bother to change the assigned factory settings. They forget or neglect to change the username and password when they connect the device to their home Wi-Fi network. Hackers know the factory default passwords assigned to these devices.

So, if the user doesn’t change the default settings to something long and complex, then that device will be an open invitation to any hacker. Consumers are usually unaware of this and may not know how to even begin to secure these poorly-secured IOT devices. Furthermore, it is often up to the consumer to check to see if the manufacturer has a firmware update available for them to download.

Worse yet, there is no current security standard required of the manufacturers of these devices. Additionally, a lot of these devices are designed and manufactured in foreign countries that really don’t care about security vulnerabilities.

The FTC is starting to take this problem seriously and urging businesses to build better security into their IOT devices. They are also preparing to regulate IOT devices in an effort to protect consumer’s privacy and security.  They specifically want to start by regulating automobiles and mobile-payment methods such as Apple Pay.

TIPS TO HELP PROTECT YOURSELF

  • Don’t store personal information on any device – including your real name.
  • Change the default username and passwords on all of your home network devices.
  • Periodically check the manufacturer’s website to see if a firmware update is available.
  • Use a different complex password for each one of your devices, so that if one device gets hacked, your other devices will not be jeopardized.
  • Use anti-virus and anti-malware software on your home computer network and set them to automatically download any new updates.
  • Keep your smartphone protected – it is the gateway to your car’s connectivity and many other IOT devices. Be sure your smartphone is password protected and has anti-virus and anti-malware installed on it.

For more in depth information about the internet of things, Brian Krebs of Krebs on Security, has an excellent article about this topic. Here’s the link to it:  https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/

ALSO, be sure to read a previous article I wrote about Router Security

FBI Warns of Router Vulnerabilities

Router Vulnerabilities

The FBI is sounding the alarm and giving an official warning about router vulnerabilities. Apparently, foreign hackers are using a type of malware called “VPN-Filter” to target routers around the world. These router security vulnerabilities were present in many of the most popular router brands.

Your router is often one of the most overlooked of all your computer devices. Realize that hackers can and often do break in to a router, just as easily as any other device on your computer.

Router Vulnerabilitles
Check for updates every 90 days

 

SO WHAT IS A ROUTER ANYWAY?

A router is defined as a hardware networking device that routes data from one computer network connection to another, on the internet. It performs traffic directing functions that allow authorized machines to connect to other computer systems. They are in essence electronic devices that join multiple computer networks together.

If your router becomes compromised, the security of all the devices that utilize that router, are in jeopardy. Once infected, Malware causes the router to block all network communications, thus rendering your router inoperable.

ADVICE FROM THE F.B.I.

According to the FBI, this Malware is difficult to detect and defend against. Therefore, the FBI is recommending that owners of home offices and small office routers should immediately reboot their routers. By doing so, it can disrupt this newly discovered Malware. The FBI is also recommending that, if you have not already done so, immediately change the “default” password and choose a new strong and long password.

Lastly, the FBI is also advising everyone to upgrade to the latest version of their router’s firmware.  Unfortunately, the companies that produce routers don’t automatically notify you when an update is available. So, it is up to you to look for them and download them yourself.

In order to do so, you need to use your internet browser to log into your router, using your router’s IP address. By default, most router manufacturers use 192.168.0.1 or 192.168.1.1 as the IP address.

Alternatively, using Windows 10 you can find your IP address by going to your Settings and choose the Network and Internet icon. Next choose Ethernet and click on your network. Then scroll down to Properties to find it.

It is recommended that you check for updates every 90 days. Below are the links to more information for updating the most popular brands of routers.

Apple:   https://support.apple.com/en-us/HT201519

Asus:  https://www.asus.com/microsite/2014/networks/routerfirmware_update/

D-Link:  http://support.dlink.com/

Linksys:  https://www.linksys.com/us/support-article?articleNum=135561

Netgear https://kb.netgear.com/23442/How-do-I-update-my-NETGEAR-router-firmware-using-the-Check-button-in-the-router-s-web-interface

SCAN YOUR ROUTER FOR ANY BREAK-INS

Using the link below will enable you to check your router for any break-ins.  It is a safe and free service that is specially designed to scan your router to make sure there are no hackers lurking in your router.

Here is the link:

https://www.f-secure.com/en_US/web/home_us/router-checker

Just click the “Check Your Router” icon and you’ll receive an instantaneous report.