Internet-connected devices are more frequently found in households — covering everything from thermostats to toys, blu-ray players to baby monitors — but there are security trade-offs that come with the convenience of being able to turn on your home air conditioner from work or watch your children on camera while you dine at a restaurant.
And hackers are using those devices to launch massive cyberattacks against big internet firms, most notably in an attack Friday that disrupted the availability of such popular websites as Twitter, Netflix and PayPal.
John Zachary, chief executive officer and founder of Threat Trace, a Baton Rouge startup company based out of the Louisiana Technology Park on Florida Boulevard, said one problem is there are no consensus or security standards for “the Internet of Things” — a reference to devices that connect to the internet. The average North American home contains 13 internet-connected devices, according to the research firm IHS Markit.
“These devices are designed for convenience first, security second, if even at all,” said Zachary, who has more than 15 years of experience in cybersecurity research and development. “There are no firewalls, no antivirus software you need to update.”
According to Zachary, hackers built a network of more than 500,000 compromised Internet of Things devices worldwide. About 10 percent of those devices were used in the attack Friday that was launched against the server infrastructure of Dyn Inc, he said. Dyn, based in New Hampshire, provides the domain name services that translate the numerical internet addresses into human-searchable destinations such as “twitter.com.”
The connected devices threw massive amounts of data at Dyn’s servers, overwhelming its ability to do tasks like find internet addresses.
While frustrating people by limiting their ability to view Twitter or Netflix are pretty low consequences, Zachary said there are some frightening possibilities. “At some point, you could be able to control these devices remotely and you can tell them, instead of keeping a thermostat at a certain level, you should turn the temperature up,” he said.
The biggest thing consumers and business owners should do is treat all internet-connected devices like they would a PC, laptop or smartphone.
“Change your passwords and use strong passwords,” he said. “Make sure you update the software for the device regularly.”
Making sure your Wi-Fi network is secure and has a strong password is important, since most of these devices tap into office or household Wi-Fi. Hiding the Wi-Fi network is also a good idea, Zachary said.
And if you’re using Bluetooth to connect gadgets such as fitness trackers or speakers to other online devices, make sure to shut down the link when you’re not using it.