The Internet of Things (also known as IoT) means that everyday devices connect to the internet so they can relay and receive information. To say IoT devices are popular would be an understatement. Business Insider predicts there will be 24 BILLION of them by 2020—five billion of which will be used by consumers.
The cool part about this tech is that it means you can do things like check your tea kettle’s temp from an app, log in and preheat your oven before you even walk in the door, or ask your smart speaker to do a little shopping on your behalf.
Connected devices can bring a lot of convenience, but they also come with
a price: privacy risks.
In fact, they pose a variety of unique security challenges you might not know about:
- You’re at the mercy of the manufacturer. IoT devices are being produced so fast that they often aren’t adequately tested for security flaws. Once a flaw is detected, it’s up to the manufacturer to release a fix. It often takes companies several months to release patches (if they do at all).
- The devices are too friendly. Since IoT tech needs to connect to one another and the Internet to function, a hacker could gain access to your entire network via a single device. The underlying hardware and software is often similar, which means a standard method of attack is more likely to succeed with at least one device.
- The default settings are insecure. Many devices default to the lowest security setting possible, allowing more access than is needed. Worse yet, some devices require more access than should be needed to perform their functions.
- You don’t know who may be listening or watching. Even if your device isn’t hacked, it may be collecting data. Recording and listening devices are no longer in either an on or off state. New settings for activation are Manual, Always Ready, or Always On.  For more information, see Microphones & the Internet of Things: Understanding Uses of Audio Sensors in Connected Devices.
- End of life. Technical support and security updates for devices are often set to terminate after a new model is released. With the rapid growth in this industry, there are many young companies that could go out of business and leave you unsupported. Once a model doesn’t receive updates anymore, it becomes an even greater security risk.
Don’t let connected devices wreak havoc on your privacy! Follow the tips in the video and lists below if you plan to buy, sell, or install a smart device.
Steps to take before you buy
1. Research the manufacturer. Do a little digging and find out if it has a good reputation with both consumers and consumer watchdog companies. How can you tell? Try to learn the answers to these questions:
- What data is collected and shared (and with whom)?
- How long is your information retained?
- Can you opt out of information gathering?
- What security measures does the device use (e.g., does it encrypt data)?
2. Read reviews from other consumers. Look for topics such as ease of installation/customization of settings, customer service experiences, and comparisons of different models/manufacturers. You may find that what looks good on paper (or the web) doesn’t actually perform as promised.
3. Use the Smart Device Purchase and Set-Up Checklist from Online Trust Alliance. This initiative within a larger, global non-profit, helps educate consumers and promote best practices for the use of the Internet.
Steps to take after you buy
1. Spend some time reading. Read the Privacy Terms and Conditions as well as the Owner Manual for each device before connecting.
2. Change the default password. Don’t use the default password settings on any device. Change them—on everything—immediately.
3. Make the Privacy Settings as secure as possible. By default, the settings may not be set very strong so be sure to double check.
4. Don’t get triggered. Understand what triggers cameras and microphones, and be sure you know how to turn them off.
5. Check for updates. Look often, because your device may not tell you an update is available, and apply as needed.
6. Replace as needed. If a device is past its End of Life and/or no longer being supported with updates, replace it with a new model.
Guest blogger Vickie Lubner-Webb with Missy Kellor