The Internet of Things (IoT) encompasses the billions of devices connected to the web globally with sensors, software and processing capabilities. While smart home devices are designed to make our lives more convenient, they can also introduce serious security risks to both work and home life.
Abusing IoT devices has become popular among cybercriminals. More than 77 million IoT malware attacks were reported, while more than 700 ads on the dark web offered distributed denial of service (DDOS) attacks facilitated via IoT botnets in the first half of 2023 alone.
Securing smart home and other IoT devices is an important action to take.
Smart home devices have become ubiquitous. Smartphone apps enable individuals to monitor when their children come and go via security cameras, answer the doorbell, or adjust the heat at home — all while working at the office or while running errands.
While they may seem harmless, home IoT devices and their mobile applications often don’t have the security measures necessary to prevent third parties and cybercriminals from monitoring the homeowner’s daily routine or accessing personal and work information on connected devices. Their firmware can be outdated or contain unpatched vulnerabilities, and since it’s not unusual for patching or updating to fall to the bottom of the average homeowner’s priority list, these IoT devices can create security gaps in their network.
To be effective, IoT devices are constantly listening, watching and gathering information. If cybercriminals can hack into them and access that data, the question can switch from “Are you watching your TV, or is your TV watching you?”
The automatic content recognition embedded in smart TVs gives the manufacturer permission to track the shows watched and then share that data with third parties for programming recommendations and ad targeting. Knowing what else they do with the aggregate data once compiled is challenging. These manufacturers depend on consumers not understanding the extensive terms and conditions that permit them to access and store your data.
Many smart device manufacturers are in the business of collecting and selling our information for corporate gain. Yet that data could land in the wrong hands if one of those third parties experiences a breach. Individuals should research the kind of data is being collected, how it is collected and then set limitations whenever possible.
Those concerned about data privacy might consider giving up some smart device functionality — because a manufacturer cannot leak personal data it has not collected.
To minimize the security and privacy risks, individuals may want to think twice before connecting specific home devices to the internet. Here are a few device-specific issues to consider.
Every individual needs to consider the risks associated with each new smart device. Here are a few tips to help manage those concerns. Start by only purchasing from manufacturers that have a strong reputation for security and data privacy — and that back it up via contractual language. Then, to further protect the device and your network: