IoT: The good, the bad, and the unsecured


As Black Friday and Cyber Monday approach, anticipation is growing for this year’s snips, steals and deals on Internet of Things (IoT) devices. However, amid the thrill of Black Friday bargains, it is crucial to exercise caution and consider the potential security implications associated with purchasing and deploying IoT devices. 

What is IoT?

The Internet of Things, commonly referred to as IoT, is essentially a web of gadgets that share information and the cloud.

The concept first came about in 1982 when Carnegie Mellon University students linked the department vending machine to their computer, allowing them to check if drinks were in stock and chilled.

However, this wasn’t the first true IoT device, as Tim Berners-Lee’s World Wide Web was still seven years in the future. That honour goes to a toaster created in 1990 by John Romkey. This bizarre device was equipped with a crane system for inserting the bread.

IoT has continued to expand from here and, based on the most recent data, around 15 billion IoT devices are currently connected. It’s anticipated that this number will nearly double, reaching 29.42 billion by 2030.

Want to protect your business but not sure where to start? Check out our free guide to protecting your business on a budget.

Where is IoT used  – The good, the bad and the bizarre

IoT is used in our homes, offices, manufacturing machinery, agriculture and more. More specifically, this includes smart home devices such as fridges and dishwashers, wearable technology like smartwatches, and medical devices, with pacemakers being a great example.

IoT has the potential to enhance our lives. For example, by facilitating independent living for the elderly with conditions like dementia. This is achieved through IoT technology that gathers atmospheric data linked to residents’ movements within their homes. Should the activity drop below a certain threshold, a device will immediately notify family members or carers of a potential emergency.

Whilst working as a detective in the police, I saw IoT employed for malicious purposes on many occasions. One such occasion was when following a recent relationship separation, the one-time couple had to maintain contact due to their young child. However, whilst Mum was out with her baby she would frequently bump into the child’s father. 

After months of this and other strange activities occurring, it was discovered that a tracking device had been placed in the child’s pushchair. This shared real-time location updates and allowed impromptu meets between father and child.

As you might expect, there are also many bizarre IoT devices out there, including smart egg storage devices that can track the age of eggs and send alerts when your egg stock is running low. Although some may say that is a cracking idea!

IoT security vulnerabilities

A security vulnerability within an IoT device could be several things, from insecure default settings to a lack of physical security. This could allow anybody to log into the device by not requiring authentication. Or, where there are log-in details required, using default credentials such as a username and password of ‘admin’.

Many of us will have IP (Internet Protocol) CCTV both in our homes and places of work. Vulnerabilities may exist in these too. Failing to ensure updates are applied to our CCTV could leave known vulnerabilities unaddressed, making it susceptible to exploitation. I have seen many cases of IP CCTV being hacked and people’s personal lives being streamed live on the internet for the world to watch.

What can we do to protect ourselves?

The first thing that we can all do before we click buy on that new device, is to ensure that we are buying it from a reputable company. There are so many devices available to us for comparatively little cost. But buyer beware, often a low price can mean poor security. 

Although we can’t all be expected to comprehend the intricate technical workings of our devices, we can develop a basic understanding of security best practices. This should help ensure that the IoT devices we bring into our homes or workplaces are safe.

So, what are some of the things you can do? In no particular order, here are some of the basic requirements for cybersecurity.

1. Change default passwords

Ensure that you’re using strong and unique passwords to access devices. If in doubt, use the NCSC’s ‘three random words’ approach.

2. Apply patches and updates

Security updates and patches are extremely important in fixing any vulnerabilities in the operating system or firmware installed on your devices. Without these patches, cybercriminals could easily exploit vulnerabilities to hack into your device. 

3. Configure your routers and firewalls to block external traffic

To keep IoT devices within your home safe, you must ensure that nothing outside your home network can connect to your device. By configuring routers and firewalls to block all external traffic you’ll prevent hacks.

4. Only purchase devices with high-level security protocols

Try and stick to devices with a connectivity protocol that is secure by design and uses a low data throughput such as LoRaWAN (long-range wide-area network). You should find these details in the specs of any reputable products.

5. Check your privacy settings

We’ve already mentioned passwords, but there are a few other things you can do to improve your privacy and security. First of all, set up multi-factor authentication (MFA) on all IoT devices, whether that’s biometric authentication (such as fingerprint or facial recognition), a one-time passcode, or security questions. 

MFA makes it much, much harder for any would-be hacker to gain access to your device even if they manage to find it on a network.  

Finally, the single most important thing that we can all do when it comes to security is to keep ourselves updated and aware of new and emerging threats. So, if you’ve read this far, well done.

Cost of living CTA 3