Just ahead of Christmas, shops were packed with Internet of Things (IoT) devices ranging from smart speakers, CCTV cameras, interactive doorbells and lightbulbs to digital assistants such as Amazon Alexa, Google Home, and Apple Home Pod, remote central heating controls, and even smart TVs.

IoT refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. When the shops are full of a wide range of consumer IoT goods like those listed above its fair to say the age of smart connected devices has arrived.

If you have given or received one of these smart devices over Christmas there are a few things you might want to hold in mind. These devices connect over the internet to the apps on your smart phones that control them. As such, like any internet connected device, they are vulnerable to being hacked. And they do get hacked.

Simple tips to keep you safe
  • If the device comes with a default password, change this to something more secure, a password that is robust and one that you can clearly remember. Default passwords on IoT devices are an open door, a flashing invitation for hackers. Millions of IoT devices have been hacked by exploiting default passwords, which are typically found with ease on the Internet.
  • Some smart devices offer a ‘single sign-on’ using services like Google and Facebook. It’s tempting to use this approach because it keeps things simple. But its far safer to create your own individual account that has no connection to any other services.
  • When you’re setting up your smart device take your time and make sure your privacy settings are set. Smart devices are smart because they also send information back to the manufacturer to ostensibly enable it to improve its service and tailor the devices to be more user friendly and more in-tune with how people are using them. But this data can also be used for other purposes such as selling on to third parties and as means to bombard you with offerings you’re not interested in. This data typically includes your name and address too. So if you have the option to turn this function off you may want to.
  • If the device or app offers two-factor authentication (2FA), turn it on. 2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. It typically consists of a password or code number sent to your phone once you’ve logged into the device with your password.
  • Finally, but certainly not least, make sure that the device receives software updates and that you can easily apply them. Hackers love unpatched software because they can exploit vulnerabilities to break into devices. If the device doesn’t provide software updates you might want to consider whether to use it at all. A lack of software patches suggest the devices are being manufactured on the cheap for a quick sale and security is clearly not a consideration.