Smart Devices are often filled with vulnerabilities. Here are a few flaws to be on the lookout for:
- Weak or nonexistent default passwords (in the worst case these are hardcoded—which is to say they can’t be changed)
- The device may report your saved wifi password to a central server run by the manufacturer
- Unencrypted communications, or encryption with a known master key set by the manufacturer. In other words anyone on the network can ‘see’ what the device is doing, or saying, which can include confidential information.
- Telnet enabled by default – Telnet is a communications method that doesn’t use encryption, and can often be brute forced (an attacker can make random guesses until they find the password).
- IoT devices often use Universal Plug and Play; a feature of many routers that permits devices to open holes in the firewall allowing malicious outsiders to access insecure devices, even from other networks or the internet.
How do you know if one of your devices are vulnerable? There are a variety of tools available to inspect network traffic, or test for vulnerabilities, but the best place to start is a web search. Search the device manufacturer and model along with the word ‘vulnerability’. The manufacturer as well as independent security researchers will often publish vulnerabilities along with fixes and workarounds.