Wednesday, November 16, 2016

The newest threat to your cybersecurity? Your lunchroom appliances

Dinner is always a bit of cluster in my house. We are a home of two working parents, and, with music lessons and band rehearsals three nights a week, it seems that we are always scrambling for our evening meal. More often than not, we end up eating out, which is neither good for our wallets nor our waistlines.

Yet, winter is coming, which means crock-pot season. The problem with some crock-pot recipes, however, is that they cook for far fewer than the 10-plus hours we are out of the house everyday. Wouldn’t it be great if there was a way to connect your slow-cooker to your WiFi network and control it via an app from your phone? That way, I could start the meal at 2 pm and not not worry about coming home to a tarry, burnt mess of chicken and sauce (yes, this has happened, and, yes, we ate out that night).

“Today’s your lucky day,” you say. “Behold, the Wifi-Enabled Slow Cooker. There’s just one drawback. Cyber criminals can seize control of it to take down websites and access your smartphones and home networks.” Yikes!

I’ll let Vice explain:
If you have an internet-connected home appliance, such as a crock-pot, a lightbulb, or a coffee maker, you can control it from the comfort of your smartphone. But a bug in the Android app that controls some of those devices made by a popular manufacturer also allowed hackers to steal all your cellphone photos and even track your movements. 
Security researchers found that the Android app for internet-connected gizmos made by Belkin had a critical bug that let anyone who was on the same network hack the app and get access to the user’s cellphone. This gave them a chance to download all photos and track the user’s position….
This problem is not small or inconsequential. The White House is even paying attention. Just yesterday, it issued sweeping guidelines for IoT (Internet of Things) Cybersecurity [pdf]. The paper calls for an engineering-based approach that bakes security systems directly into Internet of Things devices and technology.

If you have smart appliances in your workplace, the Wall Street Journal recommends the following best practices:
  • Research before purchasing your smart home products. Consumers need to research the security protocols that their connected devices follow, and pay attention to how device makers issue security updates for devices’ software.
  • Update the firmware of your devices. The WSJ recommends regularly updating devices, even new ones, as security updates could be released or change on a daily basis.
  • Change the password for your smart home devices. Most hackers attempt to obtain a universal password for users so they can hack into all of the connected devices in the home.
  • Secure your router. This means updating your firmware more frequently or simply setting your router to the WPA2 security setting, which can help a great deal.
  • Create a separate network for your devices. By setting up a separate router and network for smart home devices, users can prevent them from being hacked by PCs.
  • Point connected cameras in the right direction. Your connected cameras can be among the most easily hackable devices. Because of this, consumers should not have connected cameras pointed in the direction of their bedrooms, living rooms, or other very personal areas of the home.
  • Ask your service provider about device security. They are the ones that should know all of the security precautions that users of their devices should be taking.
  • Buy new devices, especially if your connected devices are older models.
If one good thing came out of the 2016 Presidential election it’s that cybersecurity came to the forefront and entered our collective consciousness. If people were not previously aware of cyber risks, they are now, thanks to Wikileaks. Employers should take advantage of the moment and capture employees’ attention with cyber policies and training.