Can I Be Hacked Through My Thermostat?
Top 12 Questions To Ask Before Turning My Connected Devices On
Lowering the blinds, getting the coffee to brew or just locking up the house from a smart device is great fun. Until someone breaks in through your virtual back door. Before you start linking your connected devices together like Legos, make sure you’ve doubled down on the security of your IoT devices. Here are the top 12 questions you want to ask yourself before wirelessly brewing your morning java.
- Have you changed the password from the factory setting? “Attackers will always take the easy route in, if you offer it,” says Ken Westin, senior security analyst at Tripwire, a Portland, Oregon security software seller. So get in there, and come up with something new.
- Is your password following best practices? Letters and numbers in your password shouldn't be easily guessed or relate to your age, address, significant other, child or pet, advises the FBI. They also shouldn't be the same as the passwords you use on other online accounts. If hackers guess one, then they have access to everything.
- Are you using two-step verification? Using biometric verification like fingerprint scans, or having a second temporary passcode sent to you through a text message or phone call, is highly recommended, especially when services are accessed from unknown devices, says Tony Anscombe, security evangelist for the Amsterdam-based online security company AVG Technologies. That way even if hackers guess your first password, they need the second step to actually access your accounts.
- Have you set the privacy settings for your social media sites? Cybercriminals will look to social media for clues so they can engineer passwords, says Anscombe. Your dog’s name, kid’s school, your hometown: those are all clues hackers can grab easily from posts. So unless you’re a public figure, and looking for followers, it’s better to broadcast just to friends.
- Is your device up to date? Manufacturers should regularly update their software — and automatically. If they don't, that's a red flag. “Ensure that all devices are kept up to date with security patches, not just your laptop and phone, but also firmware for any connected device including security cameras, wireless routers, thermostats and other devices,” says Ken Westin, a senior security analyst for Tripwire, a security software seller from Portland, OR.
- Does your WiFi network have its own firewall? You should isolate your network from the public Internet. “The best approach is to have an additional hardware firewall with anti-hacking software protection between the home or business router and IoT device environment,” says Joe Liu, CEO of MivaTek, a smart home and business video alarm, awareness, and assurance solution and service company. Disable guest access too, experts say.
- Did you download apps from an official site? Apps you install on your mobile device can contain malware if they’re not from an authorized source. The safest option is an official app store like Google Play or Apple’s App Store. Malware hands control of a user’s phone — and their data — to a cyber criminal. Stolen text messages and other information can then be used by an attacker at a later time.
- Is your data backed up to another device, such as a hard drive or a cloud platform? If your device is lost, stolen, broken or infected by ransomware — encryption that cloaks your information until you pay a cybercriminal — having a copy of that data can save you time — and terror.
- Is your Bluetooth, wireless, or infrared connection turned off if you’re not using your device? Keeping a wireless connection open to your device is like leaving a home window ajar while you’re away. Turn it off.
- Do you know what data your apps are collecting, storing and then sharing from your devices? asks Pat Clawson, CEO of Blancco Technology Group. Be particularly suspicious of free apps and programs. If they’re not making money from you, they’re likely drawing revenue from selling your information to other people.
- Do browsers on your phone block pop-ups and only allow cookies from sites you approve? You only want your phone connecting to sites you want launched.
- Thinking of donating or tossing out an old phone? Make sure that it’s cleared of all your information. A study by Cambridge University found contacts, images, emails, and other data remained on 630 million Android phones even after they were wiped. That means data can still be recovered, says Blancco Technology Group's Clawson. Restoring your smartphone or tablet to factory settings is often not enough. You’ll also want to sign out of apps like Facebook or Twitter. And others suggest loading a device with dummy data to overwrite what’s already on there. If someone really wants to access your data, you want to make it as difficult a process as you can.