Authored by a Symantec employee
Technology has always had a first wave of early adopters eagerly buying the newest tech — the first PCs, then Macs, then cell phones, and now all the connected devices that make up the Internet of Things (IoT), like smart thermostats. As personal computers and mobile devices became commonplace, so did security risks that preyed on their vulnerabilities, yet adoption of protection against these risks lagged.
People are always slower to see the need for security — until something puts them at risk. Software like Norton AntiVirus made computer security as common to homes as PCs. Now security software is widely available for PCs, Macs, and mobile devices. How far into the future will it be before the first wave of IoT adopters realizes that connected devices — and the smart homes they automate — need protection, too?
The future is last fall
That future should have arrived last fall when the Internet broke. Indeed, last September the future did manifest in the form of a botnet dubbed Mirai (Japanese for “the future”) that launched a distributed denial-of-service (DDoS) attack against the website of cybersecurity journalist Brian Krebs.
Cybercriminals commonly unleash DDoS attacks to take down websites. They use botnets made up of thousands of computers to overload servers to the point that they cannot handle the incoming traffic — and the website goes down. But this time it wasn’t a network of malware-laden personal computers; in this unprecedented attack, the Mirai botnet used infected IoT devices.
The Mirai botnet
The initial history-making siege was followed by another Mirai botnet attack, this time on DNS provider Dyn. The October 21, 2016 assault was orders of magnitude more powerful, with an estimated hundreds of thousands of compromised connected devices from around the world pulled into the botnet. Major websites, including Spotify, Twitter, Netflix, and The New York Times, were shut down.
The Symantec 2017 Internet Security Threats Report (ISTR)
IoT devices can become compromised within two minutes of connecting to the Internet, according to findings in the 2017 ISTR published by Symantec.1
As the Mirai botnet proved, cybercriminals have also adopted devices in the Internet of Things. As more consumers purchase connected devices, each of which contains a mini computer processor, hackers have greater opportunities to use these small computers inside our smart homes to power large-scale cyberattacks.
Home routers and webcams are top IoT targets for hackers because they, like most other connected devices, have little to no security built in, making them vulnerable to malware. In fact, security is rarely a top priority for IoT device makers. They tend to follow poor security practices such as offering no system hardening and no update mechanism for software, in addition to using default or hardcoded passwords that are easy to guess.
By the end of 2016, besides Mirai there were at least 16 other known malware families specifically targeting IoT devices. According to Gartner, 2017 will see 5.2 billion consumer connected devices within the IoT, giving hackers many routes to access vast processing power resources.2
Building a smarter home
Even though smart homes can be found around the globe, few owners are likely to have evaluated the security of their home IoT ecosystem. Scary real-life instances of hacked nanny cams and connected door locks should be raising the alarm for smart home security. After all, these are powerful examples of how cybercriminals could invade your smart home virtually and physically, bringing a chilling new twist to home invasions.
Education is often the first step on the path to protecting yourself: Knowledge is power. Within the IoT world, this saying holds true. If you have a smart home, start with the one foundational item that connects and makes operable all your connected devices: the Wi-Fi router. Most people simply use the router provided by their Internet service provider (ISP), but the marketplace for independent routers is growing. Norton Core is one of the few home routers to offer security features — and of course it’s the only one that offers the protection of Norton security.
Top 10 best practices for a smarter home
In addition to vetting your router, you should carefully research each smart device you are considering adding to your connected home. What are the privacy policies? Will the provider store your data or sell it to a third party? How are updates enabled? Implement these best practices as you expand your smart home ecosystem:
- Research the capabilities and security features of an IoT device before purchase.
- Perform an audit of IoT devices already on your network.
- Change the default credentials on devices. If the device you’re considering doesn’t allow you to change the default password, choose a different device.
- Use strong and unique passwords for device accounts and Wi-Fi networks. Don’t use common words or passwords that are easy to guess, such as “password” or “123456.”
- Modify the default privacy and security settings of IoT devices based on your requirements, not the manufacturer’s.
- Use a strong encryption method when setting up Wi-Fi network access, like WPA2.
- Because many IoT devices come with a variety of services (like remote access) enabled by default, be sure to disable features and services that you may not need.
- Use wired connections instead of wireless whenever possible.
- Regularly check the device manufacturer’s website for firmware updates.
- Ensure that a hardware outage does not result in an unsecure state for the device.
The future of connected home security
As more stories about hacked IoT technologies make the news, the world will become more aware of the potential dangers that come with connected devices. For early adopters, now is the time to envelop their smart homes in an invisible field of protection, by securing their IoT ecosystems from hackers.
Disclaimers and references:
1 Symantec, 2017 Internet Security Threat Report.
2 Gartner Press Release, “Gartner says 8.4 billion connected ‘things’ will be in use in 2017, up 31 percent from 2016,” February 7, 2017.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone