The Internet of Things (IoT) refers to the current tech trend of making all of our dumb devices smart – that is, connecting them to the Internet (which I’m not sure necessarily makes anything or anyone ‘smart’). What good is your refrigerator if you can’t query its contents from the office before you come home? Who wants a dumb thermostat that you can’t change from half way around the globe? Who needs a Bluetooth speaker that won’t respond when you ask it for today’s weather? We’re already spoiled by our smart devices, and this whole trend is just getting started.
Securing IoT is Not Easy, but It’s Now Cheaper
The problem with adding smarts to cheap devices like light bulbs, baby monitors, thermostats and appliances is that it adds cost – in comes cases, significant cost (compared to the equivalent ‘dumb’ version). People pay for features they can see and experience – and they tend not to pay for other stuff, like security. Security in particular can cost a lot of time and money to develop and build into your products, especially if you’re going to do it right. And so many companies don’t do it right or at all. So we like to say that the “S” in “IoT” is for security … meaning there is none.
Microsoft just announced a promising venture called Azure Sphere. Microsoft put in the time and effort to create a new platform for IoT devices – a custom hardware chip and accompanying software that are meant to be highly secure and as cheap as possible. But the big news here is that they’ve made this technology freely available to anyone – they’re giving away all this marvelous stuff without any strings attached! Now, there will be plenty of profitable synergies with other for-profit Microsoft products and services, to be sure, but having a readily accessible hardware chip design without royalties should allow many IoT product manufacturers to literally build top-notch security into their cost-sensitive IoT products for just the cost of production.
Building an IoT Wall in Your Home
I’ve written a whole other article on how to secure your personal Internet of Things devices from the perspective of reducing their likelihood of being hacked. But here I will deep dive into a strategy that allows you to segregate those devices from your really important networked devices – namely your personal computers and smartphones. There’s only so much we as consumers can do to improve the security of the devices we purchase – in many cases, there’s nothing we can do. Every one of these devices is a potential turncoat, a weak link to be compromised that could subvert the other devices behind your firewall. So what can we do?
Almost all modern WiFi routers have the option of creating a guest network – a completely separate WiFi network that allows access to the Internet but completely walls off access to the other devices on your regular home network. It would be like splitting your home into a duplex apartment. Everyone can come and go as they please, but have no direct access to the people in the other apartment, even though you share a roof.
So what you want to do is enable your router’s guest network and then migrate all your IoT devices to this network. That means that the smart devices will have access to the “cloud” (Internet) and each other, but will not be able to directly talk to your computers.
Unfortunately, setting this up is not easily described because every router manufacturer has a different management interface and each router potentially has a different IP address (which you need to access this management interface). But I can outline the basics here and point you to resources for the most popular routers.
Migrating Your IoT Devices to the Guest Network
Here’s what you need to do…
- You need to find the IP address of your WiFi router – because this is how you’ll access the management interface. If you have the documentation that came with your router, it will have this information. (Your router may be combined with your modem, which you probably got from your Internet Service Provider, or ISP.) These are the most common – you can try clicking on the one for your router.
- Once you have your router’s IP address, you’ll need to log into the admin interface. Most routers come with a default user name and password, which will be in the router’s documentation and sometimes printed as a label on the router itself. You can try one of the following pairs of ID/password. (“password” literally means the word “password” and “[blank]” means enter nothing at all.)
- Linksys: admin/admin
- Belkin: admin/[blank], admin/Admin, admin/password
- Netgear: admin/password
- D-Link: admin[blank], admin/admin
- Asus: admin/admin
- NOTE: Every router’s admin interface has a different look and feel, so you’re going to have to do a little poking around to find the settings for each of the things that follow.
- Once you log in, you need to change the default password! This is a very common hacking vector. Change it to something else, anything else – and you can write it down or even tape it to your router.
- Enable your guest network. Set the SSID (the network name that people will see when they’re searching for available WiFi networks) to something you’ll remember, but avoid names that will identify you or your home. Set the security to WPA2 and set a password. (While you’re there, you should do the same for your regular, non-guest WiFi network!)
- Now you’ll need to go to each of your IoT devices and migrate them to the new WiFi network. Every device has a different way of doing this, so consult the documentation or web support for each device.
- Bonus tip: When you have visitors who want to access the Internet, put them on the guest network, too! You don’t know where their devices have been – they may be infected with something that they aren’t even aware of.
NOTE: Some IoT devices require you to control them using a smartphone application via WiFi. In those cases, the devices may need to be on the same WiFi network as your smartphone. I would move all your IoT devices to the guest network first and see if any have problems there. If you find some that you can no longer control, you have two options: 1) change your smartphone to the guest network when you want to control those devices, or 2) move just that device back to your regular network. The first option is more secure.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!