Posted on Monday, March 07, 2016 in Managed RouterBlog written by Rob Swenson
As more and different types of connected devices go mainstream, the number of prospective targets for a hacker increases. However, investigative reports have indicated that some gadgets don’t pose much of a challenge to good hackers.
For the benefit of parents, an online ad for an interactive toy bear points out that gadget with the brains of a computer doesn’t transmit personally identifiable data about children.
The ad also declares that with unlimited Wi-Fi content updates available through a free app, the fun of playing with the toy animal never has to end.
'They’re pushing things out that aren’t as properly vetted for security as they should be.'
Of course, parents should be careful about sharing information about their children with connected devices. The data could be intercepted and misused. Adults also need to exercise care with their own gadgets.
In addition to toys, people are buying and using an expanding array of connected gadgets – everything from voice-activated information and entertainment systems to appliance controls that can be adjusted remotely with a smartphone.
Ashley Podhradsky is among the technology experts who question whether companies are putting enough thought into security before moving new devices into the market. She’s an assistant professor of information assurance and forensics at Dakota State University in Madison.
She says with some companies, the security of new products probably isn’t a primary concern or even area of expertise.
“They’re pushing things out that aren’t as properly vetted for security as they should be. That’s my concern,” Podhradsky says.
Hacking into the transmissions to a remotely controlled appliance, for example, could provide a criminal with access to other stored data in a home or business.
Significant improvements to built-in security are not likely until businesses and consumers demand that product-makers devote more resources and attention to security. In the meantime, individuals and small businesses can take steps to increase the security of computerized devices.
Podhradsky offers three suggestions:
- Be aware of potential vulnerabilities in your devices. Using a smartphone to remotely control appliances is cool but it also might be risky.
- Lock down routers, which are gateways to electronic information. Make sure they’re not broadcasting the availability of your network, and don’t keep the machines in plain sight.
“Don’t buy a router based on price but instead for its capabilities,” Polhradsky says.
- Keep software up to date. When new patches come out, install them.
I’ll add a fourth suggestion with longer-term applicability.
- Tell manufacturers that make smart devices and the stores that sell them that security is a concern that should be addressed from the beginning, not after problems become evident.
Strengthen those passwords
It’s worth mentioning and reminding readers about the importance of strong passwords during any cybersecurity discussion.
SplashData, a California company that makes password-management tools, has released its annual list weak passwords. The list for 2015 includes a touch of Hollywood – passwords likely inspired by the movie “The Force Awakens.”
“Starwars” is ranked as the 25th worst password for 2015. “Solo” is listed as the 23rd worst, and “Princess” is the 21st worst. The rankings are based on leaked passwords.
The usual suspects – “123456” and “password” – top SplashData’s annual list of bad passwords. The sports world has two representatives in the top 25 – “baseball” and “football.” Two animals, one real and one imagined, also made the list - “dragon” and monkey”.
Experts at SDN Communications, the host of this blog, encourage the use of long, complex passwords. They also advise against using the same password for multiple devices. Don’t use easy to recall numbers such as your birthday or the name of your favorite team, either.
Also, whenever possible, users should take advantage of two-factor authentication options (watch the video below).
For information about some of the security hardware and related services available to businesses and institutions in the Sioux Falls region, visit the What We Do section of the SDN Communications website.