internet connected devices

New Year, New Gadget?

Given a security camera or voice-activated device this Christmas?  Here’s what you need to know!

The ultimate Christmas present and just what you always wanted, a voice-activated device to cater to your every command and a security camera tool to help keep you, your family or your business safe.

Hoorah!

You’ve set them up and are enjoying making use of their many benefits.

If you work from home or are using your new connected device in a corporate environment, please be aware.

Do you know who else is using them too? 

No, not other members of your family, not even friends. Total strangers, hackers, yes, hackers!

There have been several reported incidents recently, mainly in the USA, where hackers have gained access to these devices and have been able to monitor activity within the home and even to speak directly to children in their own bedrooms. Very scary stuff indeed.

Such devices are often not designed with security as a key feature as it is not as sexy as having a high-resolution camera or massive storage capabilities. Also, a low price point, when it comes to sales, means features are removed and sadly, security is often one of those to go or to be reduced in scope or quality.

So, if you have been the recipient of such a device, here are some essential steps to take, in order to ensure the hackers don’t invite themselves into your home.

  1. Check your security settings. Any quality device will allow you to view the security options and make changes. Never leave a device at ‘factory settings’ as these are the starting point for any hacker attack.
  2. Look at the passwords you are using.  Passwords should be strong, that is to say that they should, ideally, be long, include upper and lower case letters, numerals and special characters.  Try to avoid personal information and do not fall into the trap of opting for your birthday or pets name!  Default passwords should be changed immediately.
  3. And, ensure that you regularly review and change your passwords.
  4. If you find it hard to think of suitable passwords or have difficulty in remembering them, try using a password manager such as LastPass. These services can generate strong passwords for you as well as storing them, where only you have access.
  5. Definitely establish two-factor authentication security, if an option. This process involves you not only entering a strong password but also a unique, one time used password, which is sent via text or a code and taken from your Smartphone.  This code is then used to establish your identity. These password generators are often free and are available from many companies such as Google and Microsoft.
  6. A voice-activated device will usually connect to your internal network to gain access to the worldwide web, so always check your router settings and ensure you have enabled strong passwords and encryption (you will see terms such as WEP in your settings for the encryption).
  7. Be aware of any device being activated in an unusual or unexpected manner. If you have not sent instructions for it to do something, it is possible that someone else did.
  8. Check your router’s activity log to see if any device is communicating out to the world wide web. This could indicate your device has been compromised and is sending out your personal data. Or, it could be being used along with thousands of other devices to be used to attack other web sites, as was the case with Spotify, Netflix, and PayPal, who were temporarily shut down due to such an attack.
  9. Switch off any features you don’t need on a device or router such as remote access. Many options appear as default settings. The less that are enabled, the smaller the attack footprint there will be.
  10. Change the device or router name so it does not identify the manufacturer or ISP, this makes it harder to identify from the outside. Also never use your surname or address as an identifier, this will expose your personal information which could be used against you

Words of wisdom from Colin Tankard, our Managing Director at Digital Pathways,

“These voice-activated devices have become commonplace in many of our homes and are a useful and helpful addition. However, we must consider their downsides too. Remember, many of these devices are driven by voice command and consequently, are also listening. There have been accusations of companies ‘listening’ in, storing data in order to send through tailored advertisements.”

“A voice-activated device and systems that monitor activity, such as CCTV, are good at alerting you to intruders but they are two-way and can be used by outsiders to watch you. So when installing these, consider not only all of the security steps above but also, where you locate them. If your device is compromised you might not want your bedroom or bathroom activities seen!

“Such technology is only likely to grow and evolve.  The onus of keeping safe must rest with us. Employ the simple password control strategy backed up with two-factor authentication and you are in a much safer space.”