Security Risks of IoT Home Appliances Around Us
“Things” with Internet communication capabilities are penetrating our lives rapidly. These “Things” are so called IoT (Internet of Thing) home appliance or IoT device.
While the use of IoT devices are expanding in various fields, such as agriculture, construction, medical care, and nursing care, IoT home appliances are the most familiar to us among all.
IoT home appliances are home appliances with Internet connectivity, sometimes referred to as smart home appliances, or smart home devices. Not only personal computer and smartphone but also air conditioner, refrigerator, microwave, rice cooker, vacuum machine, laundry machine, smart speaker and network camera are IoT home appliances, which can be remotely controlled through Internet connection by users and even connected to each other. Although IoT home appliances are making our lives more convenient than ever because they can be connected to a network, they could bear the same security risks as computers.
Security Risks of An IoT Device
1. Vulnerability to Hijacking.
Once being hijacked, unintended actions or remote control can be conducted by someone other than users.
2. Information being stolen.
Personal information or information related to lifestyle, including device usage, may get stolen.
3. Being exploited for cyber-attacks.
An IoT device can be infected with malware and exploited for so-called DDoS attacks, such as simultaneous access to websites and servers.
Nowadays, we are using various IoT home appliances in our lives without giving a second thought and tend to ignore the above risks. Let’s take smart lock as an example, which has recently become a popular IoT device for families. Imagine how scary it could be if someone else open your front door remotely without your notice.
To summarize, it is important for us to have the knowledge that IoT devices in our homes can be hijacked by others. And to use IoT devices safely, let’s start by getting aware of which “devices with Internet connections” are being used in our homes.
Vulnerabilities of IoT Home Appliances Are Being Targeted
Among affluent types of IoT home appliances, there are some whose security measures are neglected in favor of attractive functionality. Vulnerabilities of software which are used on IoT devices are usually targeted by hackers.
In addition, households in general do not replace their home appliances like air conditioners, washing machines and refrigerators frequently. Consequently, as cyberattack methods are evolved, users may not have the security measures to counter them.
Other vulnerabilities that could be targeted include Wi-Fi routers. Although it is commonly encrypted, the old standard called WEP can be unencrypted easily, and information such as IDs and passwords can be extracted, or the contents of communications can be peeked at. If you are using a vulnerable Wi-Fi router, your computer or smartphone, as well as other smart devices, can easily be misused by others.
IoT Home Appliance Security Measures You Can Take Simply
Generally, it is hard for ordinary users like us to enhance the security level of our IoT devices. However, risks can be avoided to a certain extent if we pay attention to the followings.
1. Set Appropriate Passwords
When using IoT devices and Wi-Fi routers, it is important not to leave the password as it was when the device was purchased. The default password may be known by a third party and could easily allow intrusion. Please make sure your password is not just “PASSWORD” or something like this which is easy to guess. If you change your password, do not use one the same as that of another device or something easy to guess, such as your birthday or name.
2. Check Occasionally to Make Sure Your Devices Are Connecting to Appropriate Network
Knowing which Internet connection your IoT devices are connected to is also important. Even if your devices were connected to your home Wi-Fi by default, it is not uncommon that your devices may be automatically connected to the Wi-Fi of a neighbor with a stronger signal or to a free Wi-Fi when the settings of your devices are reset due to a power breakdown, for example. Wi-Fi that an IoT device can be connected to without entering a password is very risky. Do not let your guard down and check the connection environment from time to time, even at home.
3. Choose IoT Devices Provided by Reliable Companies
There are various types of IoT appliances with similar functions, and some of them are not safe to use. There is no guarantee that products developed for the purpose of cyber-attacks will not be mixed in. It is best to avoid using IoT appliances that do not have a contact information or service support for inquiries, are way too underpriced, or you have other concerns about. Choose a product from a reliable manufacturer and check the availability of contact information and service support before purchasing one.
4. Switch Off the IoT Devices When You Are Not Using Them
IoT appliances that are left powered on are connected to the Internet. There is a possibility that the device could be hijacked and misused without your knowing about. Be sure to turn off the power when the devices are not in use or when they have malfunctions. In addition, old IoT appliances that were purchased many years ago may not be service-supported by manufacturers anymore. Be aware that more vulnerabilities and higher risks are involved in continuing to use IoT devices that have not been updated.
Please stay aware of security risks while enjoying the convenience brought by IoT devices and make sure you have the right knowledge and measures in place.
SECOM security devices can be assured to include IoT devices with high-level security standards that provide operational convenience and safeguard your privacy. Gain peace of mind with a range of alarm monitoring systems that guarantee a safer and more comfortable life for you. Consult your security needs at your asset or business location with SECOM, contact us.
Editorial Supervisor:
Hiroaki Hamada (濱田 宏彰)
Risk Management Group, Intelligence System Laboratory, SECOM CO. LTD.
Senior Risk Consultant / Certified Security System Expert / Certified Disaster Prevention Expert / Executive Director of Japanese Association of Community Based Civil Safety Sciences