Why device security is up to the user
More devices mean more susceptible connections from server to receiver. While that might be a cynical view, it is a factual one. Smart doorbells with face recognition, pet tech with microphones, Teslas with cameras: devices are only becoming more widespread but, generally speaking, not improving when it comes to security.
Internet of Things devices have the ability to capture many data points about users and it is this fact which makes their hackability all the more worrying. Further, the varying data rights of global citizens means that IoT eyes are everywhere with little legal oversight. Let’s explore what security means in the age of internet-connected devices and what must be done to ensure it, says Carsten Rhod Gregersen, CEO and founder of Nabto.
It is hard to escape the fact that security standards vary between vendors and devices. Most jurisdictions do not have regulated device standards, therefore leaving it up to device makers and users to put protections in place.
This is necessary because device fallibilities are widely known. For example, Russian hackers used printers, video decoders, and other connected devices to penetrate targeted computer networks, Microsoft officials warned in August.
Further, medical devices have even been threatened by poor security standards. In 2017, The Food and Drug Administration announced the discovery of a serious vulnerability in implantable pacemakers. The vulnerability targetted the transmitter that pacemakers used to communicate with external services, meaning hackers could theoretically alter its functioning, deplete the battery, and administer potentially fatal shocks.
Onus on the user
It is not acceptable that many modern devices do not come loaded with appropriate security safeguards. This is especially important as such devices continue to play growing roles in modern life, from smart homes to security cameras and gaming consoles. The homes and lives of today are connected and must be adequately protected.
The bottom line is that if you have a connected device, it needs protection. Personal information is not easy to get back once it is gone. The only way to ensure this happens is to shift the onus of protection from company to user, and this is why it is important to have a defence plan for personal devices.
Protecting what’s yours
Both device creators and lawmakers have proved slow to move on device security protections. Default passwords and weak security systems simply are not good enough when it comes to devices which collect countless user data points. While Europe has attempted to data rights through its General Data Protection Regulation, the same cannot be said for the United States. Data rights vary widely from state to state with little federal movement on the horizon, creating an uneven legislative playing field across the country.
This means users – no matter their level of computational ability – are the ones who must act to ensure their data stays safe. This is the only certain way to make sure data travels from server to receiver without interception. So, what must users do?
Users are best advised to inspect their default settings. Cybercriminals already know the default passwords that come with many IoT products, making it easy to access the information on them. Therefore, users should change the password into something made up of letters, numbers, and symbols.
Better yet, tailor the device connection. Many devices use cloud connection to relay commands. All the data is thereby kept at this third-party server, making it susceptible to outside forces. Installing a peer-to-peer connection removes this danger by establishing direct communication between device and receiver without the need for a middleman.
It is sad but true that device security is increasingly up to the user than the companies they buy their devices from. While regulatory bodies are gradually moving in the right direction on this issue, it is looking like too little, too late. Therefore, users with personal data protection at the front of their minds are best advised to act today to ensure data freedom tomorrow. The smallest changes can make big differences when it comes to who knows what about your actions on the internet.
The author is Carsten Rhod Gregersen, CEO and founder of Nabto