Zombies and IoT Have More in Common than You Think

illustration of smart homeIf you watch The Walking Dead, it’s easy to identify the zombies by certain characteristics—they are dumb, silent, and there are tons of them. The same thing can be said for today’s consumer IoT devices.

Like zombies, consumers should fear the IoT because manufacturers aren’t creating secure devices and those same consumers aren’t doing a lot to secure their devices. Most people just plug in their devices and forget them. In the end, these little devices can be silently used to carry out malicious activities without the knowledge of the end-user.

A number of stories were posted this week about IoT devices being used in DDoS (Denial of Service) attacks because of their weak security features. Like The Walking Dead, consumer IoT devices are dumb and silent—and there are tons of them. It’s these traits that make IoT devices deadly, as was highlighted in Security Week and Arstechnica recently.

If you’re a consumer, here are a few tips to keeping your IoT devices secure.

Tip 1: Read the manual and make sure you change any default passwords. Most nanny cam stories of strangers using a nanny cam to intrude on someone else’s life come from the fact that the owner of the device never set their own password. If you leave a default password, it’s like locking your door but giving everyone a key.

Tip 2: If you can’t update the firmware, your manufacturer doesn’t automate firmware updates, or you don’t know how to update your firmware, you may not want to buy an internet of things device. Firmware is the operating system that runs your device. When a device is launched into the market, there may be security holes within the operating system of the device. Manufacturers release patches to secure these holes along with adding new features to your device by updating the firmware. Unfortunately, hackers look for these holes on unpatched devices to exploit them and take them over.

Tip 3: Some manufacturers recommend opening ports in your firewall to allow inbound connections. I’ve used applications on my mobile device that allow me to control the lights in my office or my home speakers remotely. The drawback is that I need to open a hole in my firewall to expose my IoT device to the internet. The problem here is that I’m opening my device up to attach it directly. Look for solutions that allow the device to reach out for information or connect to a management system that allows the device to establish an inbound connection rather than opening a firewall port. Keep your toys behind a firewall.

Tip 4: Separate the IoT devices on your home network (i.e. thermostats, drop cams, etc.) from your other devices (i.e. computer, mobile device, etc.). IoT devices that are connected to the internet can be exploited to establish a foothold within a network. Devices on that network become targets for lateral movement. Additionally, you can easily disable all IoT network traffic if the traffic is segmented onto your IoT network by simply shutting off the router the IoT traffic is segmented onto.

Tip 5: If something is eating up the bandwidth in your house, check your IoT devices. If your devices are participating in an IoT denial of service attack as an attacker, there is a good chance they are eating up some of your bandwidth. The easiest way to check is to disconnect it from your network or turn it off.

Like zombies, it’s easy to outsmart your IoT devices with a little knowledge and the right weapons, keeping your network from becoming infected.