More and more devices are being built with network capability: refrigerators, televisions, cameras, even toys. There is certainly a benefit to this, as it provides functionality that wasn’t available before. This can include advantages such as extended multimedia capability of televisions, monitoring static cameras from anywhere and controlling devices via a web portal. The benefits of this Internet of Things are readily apparent.
However, there is a downside, too. Many of these devices were engineered without a concern for security, meaning there is no set schedule for security patches (as vendors such as Microsoft, Apple or Adobe have). In fact, many of the operating systems that run these devices are fragmented, such as the outdated Windows XP or numerous variants of Linux. In many cases, the vendor will stop offering patches for these operating systems after a few years, as the business model is to make those products obsolete and sell new ones.
Ultimately, these devices were intended to be run on closed networks, for example, your home network. That being said, misconfigured devices can result in bad situations, even at home. Here are a couple of examples:
- Misconfigured, networked baby monitors are a threat. The risk: Not only can you view the monitor, but anyone else in the world can, too. In fact, some websites and apps are dedicated to viewing insecure cameras (including baby monitors).
- In October, a collection of compromised network cameras (a botnet called Mirai) took down an infrastructure provider on the internet, resulting in a massive outage of various websites and resources.
You can still take advantage of these useful devices, but use extreme caution. Make sure you change the default password on these devices to a good, secure password.
Learn more about computer security at Fermilab Computer Security Awareness Day and Tech Expo on Wednesday, Dec. 7, at Wilson Hall. For a schedule of events and a list of exhibitors, visit the Computer Security Day website.
Joe Klemencic is the head of the Computer Security Department in the Office of the CIO.