5 Common Internet of Things (IoT) Security Issues and Fixes
1. IoT Home Hub Device Record Everything
Some devices like Google Home and Amazon Echo are constantly listening to their surroundings. This ensures that your voice is heard when you say the “hotword” or activation word that initiates the audio recording.
Of course, constantly hearing your voice poses a privacy risk in itself. is the subject of much speculation.As to whether these devices will always send recorded information home, even if the user has not enabled it via the “hotword”.
How to Fix IoT Devices Always Listening to You
As such, the best way to fix this IoT security issue is to never allow it to occur. Don’t purchase smart devices that have a 24/7 listening capability (if possible). Always-listening devices are identifiable if they’re marketed as offering voice-activation, as they need constant monitoring to listen out for commands.
2. They Can Be Hacked From the Outside
A big draw for IoT devices is their ability to receive commands from the internet. This allows users to control smart home devices from any location in the world.
This feature isn’t perfect, though. While remote smart home control allows location-independent control and monitoring of your home, it also opens the door for hackers to do the same. Hacking is one of the scariest IoT privacy concerns, as people all around the world can gain access to your home uninvited.
It sounds like something out of science fiction, but it’s, unfortunately, a reality. Trend Micro claims their software blocked 5 million hacking attempts on IoT cameras, 75 percent of which were brute force attacks.
How to Fix IoT Problems With Remote Hacking
To fix this problem, you need to set up a proper remote system that can keep hackers out. Given that hackers are mostly using brute force techniques to break in, your system needs to be strong enough to resist a barrage of attempts.
Secure your account with a strong password, and use a two-factor authentication device if it’s supported. These will both stop a hacker from getting easy access to your home.
3. Devices Don't Use Encryption
This is a giant red flag for anyone who cares about their privacy. Zscaler reported that from the 56 million transactions that passed through their cloud from IoT sources, 90% of them were sent as plain text. This means no effort was made to encrypt them whatsoever; anyone could analyze the packets and extract its data.
How to Fix IoT's Lack of Encryption
Only use IoT devices that properly encrypt their data. Hopefully, the product will state its encryption type on the box or advertising. If it doesn’t, it’s a good idea to play it safe and not purchase it.
Another option is to use a VPN’s encryption scheme on your network, Some routers allow for the user to configure a virtual private network, or VPN, on it. A VPN installed on a router allows the user to encrypt and route all their traffic through a third-party server. That would prevent any third-party snoops from inspecting whatever data is transferred between you and the end point.
4. IoT Devices Aren't Properly Updated
This is a giant red flag for anyone who cares about their privacy. Zscaler reported that from the 56 million transactions that passed through their cloud from IoT sources, 90% of them were sent as plain text. This means no effort was made to encrypt them whatsoever; anyone could analyze the packets and extract its data.
How to Fix
Unfortunately, there’s no way you can actively patch your IoT devices. Fortunately, you can take measures into your own hands by choosing companies with a good reputation or look for open source IoT devices.
5. Devices Use Default Factory Passwords
A default password is a hacker’s favorite way of cracking devices. Some companies will give each device an individual password to prevent this flaw, but others will set the same password for all the devices they create.
The default password problem is so bad. If the users of these devices don’t bother changing the password, hackers can learn of the factory default login information and test it on all the devices they can find. They’re bound to find a few that still has the out-of-the-box credentials, which gives them unprecedented access over the device.
How to Fix It
If any devices you purchase have a default password, change it right away. Keeping the old password is leaving the door open for any potential hackers that know the credentials for your particular device.
