HKCERT (Hong Kong Computer Emergency Response Team Coordination Centre)

Security Blog

Stay Vigilant Against IoT Security Risks at Home

Release Date: 02 / 06 / 2019
Last Update: 03 / 06 / 2019

The use of smart home appliances has become ever more prevalent in our daily lives, where the Internet of Things (IoT) connects various types of devices and brings greater convenience than ever before. However, IoT devices are sometimes designed to deliver “fast and convenient” services, and this can lead to negligence or loopholes in some circumstances. The devices are then exposed to the risk of cyber attacks and may be vulnerable to hacking.

Recently, there were news reports about hackers maliciously attacking IoT-enabled devices, such as smart coffee machines and smart TVs, in order to retrieve private data and sensitive information from notebook computers or mobile phones that are also connected to the IoT. It is therefore of utmost importance to pay attention to cyber security while enjoying the convenience brought by these advanced technologies.

In fact, global cyber attacks are on the rise. The biggest Distributed Denial-of-Service (DDoS) attack broke out in February 2018. A software development company was hit by incoming traffic at a rate of 1.35 Tb per second, with packets arriving at nearly 127 million per second at its peak, which eventually caused a temporary disconnection of its system.

Although the company promptly explained to the public afterwards that no leakage of private data had been reported, the incident exposed the potential threat of IoT devices disclosing private information, and showed that it is necessary to heighten public awareness of the protection of personal privacy.

Earlier, a piece of malware reportedly scanned the Internet for IoT devices such as webcams and routers, attempting brute-force attacks to infect the devices and use them to launch DDoS attacks. A noteworthy example was the public uproar over an exhibition in the United Kingdom in which still images from webcams around the world, including Hong Kong, were displayed. It was a serious infringement of privacy, as the images were collected without the consent of the webcams' owners.

Below are some tips for users to remain vigilant against cyber security threats when using IoT devices:

  • Purchase IoT devices from official channels that provide firmware upgrades and bug fixes.
  • Change the default password of a device upon first login. Change passwords regularly and give them a complex composition. To reduce the risk of password leakage caused by the hacking of IoT devices, use different passwords for different devices.
  • Ensure the network security of IoT devices. For WiFi, use WPA2/WPA3 encryption with a complex password. Do not monitor or manage IoT devices over a public network.
  • Download mobile applications for IoT devices from official app stores only.
  • Check the IoT device settings regularly. If settings have been suspiciously changed, reset the account of the device immediately and keep monitoring the account status.
  • Disable the UPnP function on the broadband router.
  • Keep the firmware of IoT devices updated to the latest version.
  • Disable the sound or video recording functions of an IoT device whenever it is used in private or sensitive areas. Turn off the device when not in use.
  • Regularly check online sources for security alerts about IoT devices.

Please visit our website for more information regarding IoT devices security.