Check Point Software Technologies points out the capabilities of cybercriminals depicted in some movies or television series, such as Mr. Robot, are not limited exclusively to fiction, but could actually happen in reality. Could attackers bridge the gap between the physical IoT network (the light bulbs) and attack even more attractive targets, such as the computer network in our homes, offices or even our smart city?
The answer is yes. As more and more smart devices are used in the home, cyber attackers are beginning to shift their focus from targeting individual devices to hacking the applications that control IoT device networks, giving them even more opportunities to cause disruptions in users’ homes and access their sensitive data.
In just a few decades, IoT data has grown exponentially, and the numbers are set to continue to rise. In 2021, there were more than 10 billion IoT devices worldwide, a number that IDC estimates will reach a global data generation of more than 73 zettabytes (or 73 trillion gigabytes) by 2025.
“Modern technology is playing an increasingly important role in our lives, so we have digital wallets on our mobile phones, for example, and we use tablets for work stuff instead of computers. This makes our devices full of sensitive personal and work-related personal and financial information and is therefore a very tempting target for hackers. And IoT devices bring additional risks. With smart toys, cybercriminals could eavesdrop on your children, webcams could be used to record you while you change clothes, and voice assistants could spy on your home,” says Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East. “Cybercriminals are laying traps and trying to take advantage of every opportunity, targeting newcomers with various Christmas scams. It is therefore important to secure everything properly right out of the box. And if your child gets a new device, make sure you carefully educate them about the benefits and risks and help them secure the device, understand what threats lurk online and how to respond in the event of an attack. Also talk to your children about the different parental control options, which are not meant to spy on them, but to encourage dialogue about threats and set clear boundaries.”
The need for IoT manufacturers to focus on protecting smart devices against attacks by implementing strong security during design of both software and device itself, rather than adding security later as an afterthought has increased in importance. However, users also need to be aware of security and privacy risks when using their devices.
To make sure your data doesn’t end up on the darknet and in the hands of cybercriminals, and also that your device isn’t used for hacking as part of a botnet, Check Point Software Technologies has prepared some basic steps to help protect you:
1. Lock your device. Always lock each device with a password, pattern, or perhaps a fingerprint or facial recognition. If you lose or leave your device unattended, no one can get into it.
2. Turn on remote search. Most devices offer a remote locate feature so you can find your device if it’s stolen or lost, but you can also lock and wipe it remotely so no one unauthorized can potentially access your information.
3. Turn on backups of your data so you can restore your information in the event of, for example, a ransomware attack. Because ransomware doesn’t avoid mobile devices.
4. Change your default passwords. You always need to change the default passwords that are set on your device. Why? Default passwords are often public knowledge and help with product support. Additionally, IoT devices such as smart cameras, thermostats, baby monitors, or routers are rewarding targets for hackers, and devices with default passwords can easily be found and exploited online. And you certainly don’t want anyone connecting to your home. Such devices can then also become part of a botnet, such as Mirai, and be used to launch cyber-attacks around the world.
• Use passwords that are hard to guess but easy to remember. As with any other device connected to a network, it is recommended that we always keep as many barriers as possible active, using unique passwords made up of uppercase and lowercase letters, special characters and numbers.
Strong passwords don’t have to be complex. Just have a password that others can’t guess but is easy for you to remember. Different password managers can also help.
5. Never share your login details or use the same passwords. Most people use the same usernames and passwords for different accounts, making them a common target for phishing scams. This is because stealing one password can allow a number of services to be compromised. Phishing emails and messages mimic well-known brands, for example, posing as customer support specialists or even your employer. Never share your login details via email or text messages. Always visit the service directly.
6. Use multi-factor authentication (MFA) to minimize the threat of a potential attack. When you log into your account from a new device, multi-factor authentication, an insurance policy that ensures no one else can access these services, will be required. If someone does try to log into your accounts, you will be alerted immediately.
7. Don’t delay updates. Always use the latest versions of software on your mobile phone and computer. New versions have bugs fixed and vulnerabilities patched. Using outdated software can allow hackers to get access to your personal information.
8. Check your privacy settings. Smart devices, such as fitness bracelets, smart home devices or even smart toys, drones and voice assistants, collect all sorts of information about you. Always carefully review what privacy settings they have and make sure you’re not sharing too much. Turn off any features you don’t need or use.
9. Don’t download apps from unofficial sources and stores. But even the official ones are occasionally infiltrated by malware, so it’s essential to use a security solution that can proactively find and stop threats before they can do any damage.
10. Remove unnecessary apps. Many devices contain a number of pre-installed apps. Vulnerabilities in apps can make it easy for hackers to attack. So, if you remove apps you don’t use and don’t want, you reduce the risk of an attack. In addition, some apps may ask you for personal information that they can further manipulate, so be cautious and only use apps you trust.
11. Turn off automatic Wi-Fi/Bluetooth connections. By default, your smartphone may automatically connect to an available Wi-Fi network or Bluetooth device, which hackers may try to exploit to gain access to your device. So make sure this feature is turned off. While free Wi-Fi is an attraction, it can also be a serious security threat. We often see hackers in airports or coffee shops waiting for someone to log on to a public Wi-Fi network so they can pounce on unsuspecting users. If possible, avoid unsecured Wi-Fi networks altogether. And if you do have to use them, at least don’t connect to personal accounts or sensitive data.
12. Understanding hacker tactics and the risks associated with cyberattacks is an important step to protecting yourself. However, modern threats and scams are so sophisticated that many people probably don’t recognize them. Therefore, it is also essential to use advanced security solutions and anti-ransomware. Secure your mobile devices too, as there is a huge amount of information on your phone and if an attack is successful, you could put everyone you know at risk too. For example, Check Point Harmony Mobile protects enterprise mobile devices from cyberattacks and provides real-time protection from even the most advanced threats. ZoneAlarm Mobile Security protects private mobile devices from ransomware, data and login theft, and dangerous Wi-Fi networks.
