Sunday, November 10, 2024

Beware Of That IoT Device You Are Going To Give As A Gift!!!

 


As we fast track now into Thanksgiving and the Holidays, gift giving is going to be the norm yet once again.  To me, I think it should be plain and simple, and luckily for me, most of my close friends are happy with getting a nice gift card to their favorite restaurant. 

But for many other people, and especially those with families with kids, electronic items seem to the be premier choice for gifts.

While this may be nice, there is one thing you need to take into serious consideration.  And that is, Cybersecurity that is in the electronic item that you are giving.  A long time ago this was an unheard thought, but nowadays, you must be careful. 

One such instance in which you need to pay incredibly careful attention to is when you give a gift that falls under the realm of the “Internet of Things”, also known as “IoT” for short.  While some of us have a general concept of what it is, here is a technical definition of it for those who may not have heard of it:

“The Internet of Things (IoT) refers to a network of physical devices, vehicles, appliances, and other physical objects that are embedded with sensors, software, and network connectivity, allowing them to collect and share data.”

(SOURCE:  What is the Internet of Things (IoT)? | IBM)

Although the definition primarily refers to physical devices, it can also refer to those that are virtual as well.  Probably one of the best examples of the IoT is what is called the “Smart Home”.  In this set up, all your appliances (or just some of them) are interconnected together. 

So, when you get up in the morning, and want to start brewing that first cup of coffee, you can simply tell your digital assistant to do it, and it will start.

But despite these neat advantages, IoT devices, at least those that are used in the home environment, possess a number of Cyber risks to them, which are as follows:

Ø  If you have multiple IoT devices all connected, you are simply creating a large surface for the Cyberattacker to covertly penetrate. Once they are in one device, they can quite easily move into the others as well, causing havoc in your home.

Ø  The network communications that IoT devices are not encrypted.  They primarily use RFID transmissions, which can easily get hacked into with a simple network sniffer.

Ø  Any information or data that you have on your IoT devices are saved in a plaintext format.  Meaning, if you have your password stored on one of them, that is how it will exactly appear to the Cyberattacker after they get into it – your password will be in plain English.

Ø  Many of the vendors that manufacture IoT devices for the home typically do not take Cybersecurity into consideration in the design of it.  For instance, they often tell customers that simply relying on the default security settings they have in place are enough – which is a blatant lie.

Ø  Customers of IoT devices can easily fall prey to a scam – such as buying a fake product on Amazon or eBay.

But the good news here is that governments, and even here in the United States, are stepping up to the plate in creating and enacting legislation intended to help protect consumers.  Some of examples of these are as follows:

Ø  The passing of the Cyber Resilience Act by the European Union (EU).

Ø  The passing of the Cybersecurity Bill 2024 by Australia.

My Thoughts on This:

If you still decide to purchase an IoT device as a gift, consider these safety tips:

Ø  Make sure of the authenticity of the device you are buying.  Although it is quite tempting to get a cheaper one from Amazon or eBay, remember the adage that “you get what you pay for”.

Ø  If you decide to make this purchase online, make sure you do it on the ecommerce store of a reputable vendor.

Ø  Go through the Google reviews for those IoT devices you are interested in buying.

Ø  If possible, contact the vendor directly to see what kind of Cyber safeguards they put into the device.  If you do not feel comfortable with what they are telling you, then that should be a huge red flag to you to avoid getting it all together.

Ø  Once you have made that purchase, make sure to tell the person to whom you are giving it as a gift to make sure that they do not use the default settings, but rather put it in the highest thresholds that are possible.

Ø  Also, remind them of the need to download the relevant software patches, upgrades, and even the firmware onto the device as they come out.

Ø  Remind them not to store personal data on the device.  If a Cyberattacker can get hold of this, it will be sold on the Dark Web or worse yet, even be used in an extortion attack.

Just remember that in the end, trust your gut.  If something does not feel right, look for another IoT device that you are more comfortable with giving away as a gift. 

Cybersecurity, as it relates to the IoT, is not just confined to the home – it also has a strong bearing on the Critical Infrastructure as well.  But this will be examined in a future blog.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...