“Any device on a network now becomes a target”
When Torsten Prues talks about data security in the age of the Internet of Things (IoT), one of his favourite examples is that of an aquarium being hacked.
It sounds fishy, but it’s true. The aquarium, reported a cybersecurity firm called Darktrace, was a centrepiece in a casino and capable of sending its temperature information back to the facility’s network. This, it turns out, was a warm welcome to hackers.
By exploiting the aquarium’s online security vulnerabilities, hackers made their way to other parts of the network to steal information about the casino’s high rollers.
“It’s one of the most ingenious hacks of 2017,” says Prues, senior unified communications specialist with NAIT’s IT department.
“It’s one of the most ingenious hacks of 2017.”
More importantly, he adds, it illustrates how “any device on a network now becomes a target.”
In the IoT, Wi-Fi enabled devices connect to networks and communicate with other tech to accomplish a variety of tasks – like instantly sounding the alarm about a dangerous drop in aquarium water temperature. If not guarded, those connection points are like an open door and can allow unwanted visitors into a network.
So, what do we do when technology has evolved to the point where an untended aquarium can leave us unwittingly swimming with sharks? Here’s Prues’ advice.
Think twice before you connect
No, you don’t need to go off grid and move to a cabin in the woods. But Prues recommends being aware of what it means to turn on Google Home or a Wi-Fi enabled Brita pitcher that reorders its own filters. Treat every device as a possible aquarium disaster that might be averted if you don’t connect it to your network, says Prues.
Change the default passwords
The default passwords for many devices, such as routers, can easily be found online. “Just go and Google 'default username password for device xyz,'” Prues dares.
In fact, this lax industry practice provides such a convenient network access point for criminals that California has legislated that every device that connects to the Internet come with a unique pre-programmed password. Not so in Canada.
“If you have control [over a password], change it,” says Prues. Use a different one for every device.
Be a guest on your own network
“There are routers where you can create a guest network,” says Prues. This allows devices to access your main network but with limited permissions.
“Put IoT devices on [that] if you can, so if they’re breached they can’t reach out to other devices on your network.” (The modem from your Internet provider likely won’t offer a guest login, so you’ll need to add a third-party router.)
Update the software in places you least expect
“It may get more complicated with a device like your fridge,” says Prues, referring to the newest, coolest generation of this appliance, which can now be purchased with a digital screen on the front that allows users to manage a family calendar, play music and even see who’s knocking on the front door.
“It may get more complicated with a device like your fridge.”
But if a device prompts you to perform an update, don’t pause to make a sandwich – do it immediately, as it may fix a security vulnerability.
Research companies and suppliers
Part of that research involves checking track records, he adds. Which devices have been or are in the news for security vulnerabilities (even companies as big as Intel can struggle with this)? What about Internet providers? A little Googling can go a long way.
Beware the cost of convenience
Prues knows that living with the IoT means striking a balance. “We want to make it easy for people to connect and do stuff, but then [security] is another thing. We’re trying to find the middle ground. It’s hard.”
"We’re trying to find the middle ground. It’s hard.”
The convenience connectivity brings makes life easier, but it can come at a cost. Like something lurking in a dark corner of the aquarium, no one knows quite what until it’s been given the chance to sneak up and bite you.