Millions of fitness trackers, medical implants, surveillance cameras, home appliances, thermostats, baby monitors and computers in automobiles now are connected as part of a rapidly expanding “internet of things.”
But many such devices were developed without security considerations. As a result, they are prime targets for hackers.
Tips to protect your devices:
How do I know if I have an internet of things device?
If you have a device that is capable of connecting to the internet or shares information over a wireless network in your home, it is potentially insecure and can be leveraged for a cyber attack.
Last month, hackers harnessed an army of 100 000 internet-connected devices around the world, such as DVRs and security cameras, to attack Dyn, which helps route internet traffic to its destination. It caused temporary internet outages to sites that included Twitter, PayPal, Pinterest, Reddit and Spotify.
Why should I care?
Hackers can penetrate devices to directly harm someone or to target critical infrastructure.
They can remotely disable a car, raise the thermostat on refrigerated foods, and toy with internet-enabled medical devices.
In the Dyn attack, hackers used the devices to flood the internet infrastructure company with data and knock it offline.
Such tactics also could be used against electrical and water systems, which are increasingly being put online to allow for remote operation.
What can I do?
Make sure you are aware of what you are connecting to the internet, and think about what is necessary.
That feature on your new bathroom scale that syncs with your phone is handy, but can you password protect it from getting hacked?
Any device that has the capabilities of remotely sending information elsewhere is vulnerable. Therefore, the software on that device and the network in connects to must be secured.
If a device comes with a default password, make sure you change it. You should also change the password on your wireless network at home. Use complex passphrases to ensure your device is not easily hacked.
The Dyn attack was made possible by devices with default passwords that were never changed.
Whom do I contact if I am worried about a device?
Contacting the manufacturer or vendor of the device may not always help.
This is especially true because innovation has frequently outpaced cyber security education.
In the US, the Homeland Security Department, for example, sends out public alerts about vulnerabilities through its US-CERT programme that you can sign up for on its website .