Thanks to Internet of Things, you can see who is at your home’s front door when you’re miles away at work. You can find out if your sprinkler system is leaking long before the monthly bill arrives. You can even check how many eggs are in the fridge while you’re at the grocery store. (Yes, the connected egg carton is real!)
But let’s not get carried away here. There’s a dark side to the Internet of Things. And Dale Drew, chief security officer at Level 3 Communications in Broomfield, gave us a tour of his Internet of Things home. More importantly, he also explained how to secure an IoT home so hackers can’t get inside through internet-connected eggs.
Watch the Tech+ Internet of Things home tour at dpo.st/techvideos.
Drew has five internet-connected thermostats from Nest, which can regulate on their own but he can also control them with an app if he’s on vacation. His Rachio sprinkler controller told him about a leak, which he says he wouldn’t have discovered until he got a high water bill. And the Quirky Egg Minder is really more for fun — it keeps track of when eggs are placed in the crate and advises which egg is the oldest so “Pick Me” next.
The devices all have their own apps and security. Drew has changed the default passwords — and says you should, too. To create a unique password, Drew recommends using mnemonic devices to create unique passwords (for example, use the same base word but change the first and last letters, substitute 3’s for E’s and add a symbol).
But another security feature Drew uses is an internet hub — like the Wink or Samsung’s SmartThings — to control multiple IoT devices with one mobile app. Extra security kicks in because in order for the IoT device to work with a hub, the manufacturer had to build in more security.
Provided by Wink
The Wink HUB
Wink, in particular, uses certificate pinning, encryption, two-factor authentication and does regular security audits. Users should also make sure their wireless networks have strong passwords.
“The biggest advantage of Wink is that it requires a bunch of security features for internet connected devices,” Drew said. “That means the vendors must be a bit more mature on how they develop their platform, how they authenticate and how they encrypt.”
Some older IoT devices weren’t built with security in mind. In fact, malware has already spread to hundreds of thousands of insecure IoT devices, which are really just computers with internet access. Through the botnet called Mirai, cyber criminals are bombarding websites or other computers with denial-of-service attacks. That brought down the website of intrepid security researcher Brian Krebs last month.
“This new botnet is compromising IoT devices and it’s a million nodes big,” said Drew, pointing to the culprit: IoT camera and digital video recorder vendors that didn’t think about security. “They weren’t really thinking about the overall ecosystem impact. The bad guy breaks into that and the password is root or admin/admin, and they get into the device. There is no way to patch it.”
A hub forces device makers to do much more if they want their device to be compatible. This also means that you don’t necessarily have to invest in a hub, Drew added.
“Buy products that are hub certified,” Drew said. “If I got the Nest thermostats and didn’t want the internet hub, I know they (Nest) had more diligence with how they are providing security with the product.”