FBI Published Recommendations on IoT Security

  • Posted on: 23 September 2015
  • By: Patrick Oliphant

Earlier this month the Federal Bureau of Investigation (FBI) released a warning about the risks of having our connected devices being hacked. They have also made some suggestions on how we can protect our privacy, home and business from hackers. Google also recently released one of these recommendations on how to secure our home wireless network. The FBI suggested nine things we can do, which I think are easy for anyone to do. I have also elaborated on some of the recommendations to reduce the risks even further.

Isolate Internet of Things (IoT) devices on their own protected networks: As this relates to home users it will be difficult to do, because most of the hub and routers in our homes are basic and does not go up to the level splitting traffic. Also many of the hubs we have in our homes are the same one we bought the day we orders our first broadband. The newer routers offer the option to encrypt traffic as it travels across our home network.

Disable UPnP on routers: This might be a bit difficult to day. In addition to this, we should disable guest login if not needed, request password for wanting to use our Wi-Fi connection, we could even go a bit further and only offer connected to the device MAC address we know.

Consider whether IoT devices are ideal for their intended purpose:  In addition to this we should be aware of the devices other capabilities and if they are not needed disable them if possible.

Purchase IoT devices from manufacturers with a track record of providing secure devices: This has to be a must, therefore buying unknown brands from off the internet is a no. Saying that we learnt that many of the well-known brands home routers have security vulnerability, which takes us back to point one maybe you need to upgrade.
When available, update IoT devices with security patches: For the time being the onus is up to us to make sure patches are applied. However, in the near future, the use of TR-069 protocol will allow service providers to push out device firmware and security updates from a central location.
Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it operate on a home network with a secured Wi-Fi router.
Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device: What are these you may ask? These are the recommendations up to now.  In addition, please read the manual most of us don’t like to but it’s for our own privacy and security – feeling vulnerable is not comfortable.

Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor.

Ensure all default passwords are changed to strong passwords. With the need to remember so many passwords in our everyday lives we are sometime, tempted to use something easy for things like these but the FBI is suggesting that we consider what is at stake and use a strong password.

Source: Arcweb.com