Amidst all the excitement about the possible benefits of the Internet of Things, a slew of warnings have been sounded by IT pros, vendors and analysts about looming security threats. Now you can add the FBI to the list of those cautioning enthusiasts.
The Bureau this week issued a public service announcement regarding cybercrime opportunities posed by the connecting of all sorts of data-enabled devices, from medical gear to entertainment gadgets, to the Internet.
"As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors," the FBI warns. "Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers."
The FBI says "deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness" give cybercrooks an opening to plot attacks and steal information.
The Universal Plug and Play protocol (UPnP) is particularly vulnerable, as are devices with default passwords and open Wi-Fi connections, the FBI states.
FBI recommendations for protection include:
- Isolating IoT devices on their own protected networks;
- Disabling UPnP on routers;
- Considering whether IoT devices are ideal for their intended purpose;
- Purchasing IoT devices from manufacturers with a track record of providing secure devices;
- When available, updating IoT devices with security patches;
- Being aware of the capabilities of the devices and appliances installed in your homes and businesses;
- Using strong passwords.
Irfan Saif, principal with Deloitte & Touche LLP’s Cyber Risk Services practice, says the alert "comes at a time when IoT is exploding onto the consumer and enterprise environments."
Consumers, Saif adds, often overlook the origins of second-hand devices, such as things bought from auction sites, that could be infected with malware: "When the provenance is unclear, that's another red flag for consumers."