Security vulnerabilities have been discovered in millions of Internet of Things (IoT) devices that could allow cyber criminals to knock devices offline or take control of them remotely. Over 100 million consumer, enterprise and industrial IoT devices are potentially affected.
Security researchers have discovered nine vulnerabilities relating to communication protocols commonly used in IoT devices.
- One of the things hackers can potentially do is take devices offline by sending malicious packets that crash the device.
- Another possibility is to execute code on a device, enabling a cyber criminal to get into the network and find other targets.
Security patches have been made available to fix the vulnerabilities, but applying security updates to IoT devices can be difficult, meaning that many could remain vulnerable.
Consumers who have smart devices in their homes need to visit the manufacturer's website to see if their devices are affected and, if so, whether patches are available.
- Specifically, the vulnerabilities were discovered in TCP/IP communication stacks. Put simply, TCP is a protocol used to encapsulate data so it can be sent to and from the device, for instance to smartphone apps. IP works with TCP to deliver the data.
- Vulnerabilities were uncovered in popular stacks used by developers, such as Nucleus NET, FreeBSD and NetX.
If relevant, a manufacturer's website should refer to these TCP/IP communication stacks and provide instructions on how to patch the devices.
IoT best practice for consumers
IoT is changing the way we live, from increasing our energy efficiency to providing tailored entertainment and health monitoring. But the "smarter" we get, the more complicated the connections become, and the harder all of it is to manage.
As devices age, they may become unsupported, risking the security of the vast amounts of personal data they collect and, in some cases, share. The following recommendations and tips will help you maximise your online safety and privacy.
- Any device that connects to the Internet should be guarded by a firewall to help prevent unauthorised access. Use a router-based firewall and turn on any built-in firewall settings your device might have.
- Reset the default admin username and password that come with the device to ones of your own choosing.
- Document all of the smart devices and applications you use. List the company URL, passwords, contact email and phone numbers.
- Review the privacy practices of connected devices you own or are considering buying, including data collection and sharing policies with third parties.
- Reset permissions to reflect your preferences (for example, data collection and sharing, camera and microphone settings, and other functions). If your settings cannot be modified, consider the "reset to factory settings" option to force a clean setup.
- To increase your privacy, disable any camera and microphone when not actively/intentionally using them.
- Consider removing the camera, flipping it to face the wall or covering the camera lens to prevent accidental or unauthorised use. Doing so means the camera will only capture a black image or the wall.