In December 2019, the popular Ring smart home security system made headlines when a hacker managed to break into a private residence’s systems and broadcast his voice to an eight-year-old girl in her bedroom. This disturbing invasion of privacy, whether meant as a harmless prank or not, was a wake-up call for the girl’s parents, and smart home users across the country.
What everyone wants to know is whether these types of systems are truly secure. That’s precisely what Nexus IT Consultants CEO Earl Foote spoke about on a recent episode of the Dave and Dujanovic Show. Click play below to listen to the full interview.
In response to this incident, Ring stated that it wasn’t a vulnerability in their systems that allowed the hacker to gain access. As reported by Buzzfeed News, the Ring security team found “no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.”
Instead, they say the hackers penetrated the systems with user credentials gained via other services. In other words, the parents used the same password for their Ring system as they did other accounts, which were hacked, and used against them.
Earl also stressed the importance of weighing security against privacy. When it comes to surveillance systems, the more you use them, the more potential there is for you to violate your privacy and the privacy of those in your home.
“Just consider if you really need or want the device you’re going to install and if you’re willing to potentially give up your privacy,” said Earl. “You should be aware of what your potential risk is to compromising your own privacy.”
This is an important consideration when it comes to using the Internet Of Things (IoT). A popular new arena for technology, it’s estimated that there will be 64 billion IoT devices worldwide by 2025. IoT is a natural evolution of the Internet, consisting of a myriad of new “smart” and “connected” products and technologies for the commercial, consumer, and government environments.
As a so-far unregulated aspect of the IT world, IoT devices have been developed with minimal or nonexistent security features, despite the fact that they often connect over networks to sensitive data.
Whether it’s a smart fridge in the home, a smart display sign out front of a McDonalds, or the smart console in a user’s car, IoT devices are a part of a network and have to be treated the same as other network devices. That is, they need the same level of security and scrutiny applied to them as one would a server, a desktop computer, or mobile device used in the workplace.
“Whatever internet-enabled device you bring into your home or your office, [you should] understand the risks upfront, and consider whether or not you’re willing to give up some potential privacy by using that device,” said
It’s also important to keep these systems updated. Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.
“Update them when you first install them and then update them regularly,” said Earl. “If you’re not consistently updating them with security updates from the manufacturer, you’re exposing yourself to potential risk, and hackers getting into your devices and systems.”
Don’t Use Default Passwords
Earl also noted how important it is to change default passwords on IoT devices. This is an important best practice for any technology you use, but especially networked devices like those that are a part of the IoT.
“When you get the device and you plug it in and walk through the wizard, make sure you change the password and use a very complex password,” said Earl. “You may even want to use password managers in order to create random passwords.”
A password manager generates, keeps track of and retrieves complex and long passwords for you to protect your vital online information. It also remembers your PINS, credit card numbers and three-digit CVV codes if you choose this option. Plus, it provides answers to security questions for you. All of this is done with strong encryption that makes it difficult for hackers to decipher.
Don’t Reuse Passwords
If you use repeat passwords across accounts, the process cybercriminals use against you is simpler than you might think:
“Never use the same passwords on the same devices or same accounts,” said Earl.
Use Two-Factor Authentication
Two-factor authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior.
By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to ensure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
“Whenever you have the ability, not just with a Ring doorbell, by all means, you should do it,” said Earl.
Personal cybersecurity is all about what you do to prevent the worst. With the rate at which technology is constantly evolving, it’s important to take advantage of the latest tools available to you, and follow best practices like those explored in this interview. When it comes to sensitive data, there’s no precaution too great.
Like this article? Check out the following blogs to learn more: