Beware IoT Devices

By Charles Miller

The Internet of Things (IoT) is growing exponentially. The “things” are all of the many devices whose functionality may now be enhanced by connecting to the internet. The list of internet-connected home automation devices can include light bulbs, doorbells, music systems, thermostats, refrigerators, crockpots, printers, security cameras, televisions, smoke alarms, exercise equipment, garage door openers, jacuzzis, picture frames, electric toothbrushes, and I could go on…

There are two things most, but not all, of these IoT devices have in common. They can often be exploited to gain access to your network, so they need to be updated if vulnerabilities are discovered, and most of these devices will never be updated to address any vulnerability that might be discovered. Sadly, most of the companies making IoT devices follow the sell-it-and-forget-it support model. In many cases it is not just that the manufacturers do not provide any means to update but that inexpensively-made devices could not be updated even if the manufacturer wanted to do so. Each of these IoT devices creates the potential for hackers or cybercrooks to compromise the network to which the device is connected. In spite of this consumers blithely connect these insecure IoT devices to the same home networks they also use to do their online banking.

The inherent insecurity of many IoT devices is something that is never likely to change. Consumers are spoiled by being able to buy devices such as an internet-connected security camera for $29 although they would be strongly disinclined to pay $129 for the exact same camera with improved online security. Some say that governments should pass laws requiring makers of IoT devices to provide hardened security and continuing updates, but politicians have no appetite for passing laws that increase the price of consumer goods while providing no visible benefits.

So it looks like for the foreseeable future we will all be using an internet to which are attached millions of potentially-insecure IoT devices that will never be updated. Fortunately there is a workable way to at least mitigate this dilemma by using an up-to-date router, the newest of which comprises essentially multiple routers inside one box.

Some of the new generation of routers can be configured to have two or more Wi-Fi networks that are completely isolated from one another.  For example, you could have two Wi-Fi signals both coming out of the same antenna, one named “SecureWiFi” and the other named “InsecureWiFi.” Guess which one you would want to use for online banking and which one to which you should connect all of your possibly insecure IoT devices.

The routers I describe are already available on the market. Although more expensive than most consumer routers, replacing your existing Wi-Fi hardware is something you should consider before you add IoT home automation devices to the same network you use for banking or other sensitive communications.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident.  He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.