by Dave Moore, 6-30-19
“Smart” speakers, smart TVs, smart refrigerators, smart thermostats, smart light bulbs, smart coffee pots, smart watches, smart door locks, smart phones, smart prescription medicine dispensers (really?), smart cameras, smart doorbells, smart vacuum cleaners, smart cars, smart window shades; hey, how about an entire smart house? Are these things real? What does it all mean?
Also known as “Internet of Things (IoT)” devices, so-called “smart” devices are generally defined as electronic devices that can connect to and interact wirelessly with other devices using the Internet. Smart devices can be programmed to automatically and/or autonomously perform certain chores, like change your heating and cooling systems, play music libraries, unlock doors, monitor your health, order groceries, dim the lights and drive your car to work.
Those are just some of the Joe and Suzy Homeowner things that smart IoT devices promise to do. The business, manufacturing and government implementations of IoT are far more impressive, powerful and, yes, creepy.
Let’s get one thing straight, though, right up front: there is nothing actually “smart” about any of these devices, at least not compared to human intelligence, or even the intelligence of a dog. Just because you can say, “Hey, Siri,” to an Apple device, or “Hello, Alexa” to an Amazon Echo speaker, and have it play back sounds and sentences resembling a human voice does not make it smart.
It may seem like the device “knows” what you’re talking about, but, in reality, it is doing nothing more than running a series of high-speed artificial intelligence algorithms accessing giant databases of human knowledge and spitting out best-guess responses in an attempt to present a pleasing conversational experience that will motivate you to do one thing: believe in the illusion, and then, buy more “smart” devices.
It’s like watching a puppet show. It may look like the puppets have intelligence, and are actually speaking, but, behind the scenes, humans are actually pulling the strings. Despite the high-tech smoke and mirrors marketing gobbledegook, Smart IoT devices don’t have the brains God gave a bug.
So, with those brief introductory remarks, please allow me to get to the meat-and-potatoes part of this column, which is, how dangerously unsafe smart IoT devices can be, and what to do about them. Sadly, very few of them are designed with safety, security or privacy in mind, which means if you’re not careful, using them can allow the Internet bad guys to rob you blind.
Since I know many of you will be hypnotized by the marketing wizards at Apple, Amazon and Microsoft, and will drink deeply from the well of smart device Kool-Aid, here’s how to reign in that little IoT monster once you get it back to the house.
Start with your Wifi network. Make sure you are using WPA2 security with a strong password. Change your WiFi network name (aka, the SSID) to something obscure; do not use the default name, nor should you use your name, address, phone number, etc. From the router’s settings, disable Guest access.
Use two networks, one for computers/tablets/phones that access online accounts (email, shopping, banking, etc.) and a separate network for IoT “smart” devices, including Netflix, Hulu, YouTube, etc. Make sure your router’s firewall functions are enabled, with IoT smart devices limited to only the required ports.
Change default passwords. Use complex passwords for everything. Never use the same password for multiple accounts.
Consider a UTM (unified threat management) appliance. Consider routers designed with IoT security in mind, such as those from Fortinet, Sophos, Watchguard and SonicWall. Disable remote management tools on IOT devices if not in use. All controllers (desktops, laptops, tablets, phones) need security software installed.
Study the devices you want to buy; look up any known security problems they may have. Only buy name brand items. Make sure all devices are compatible with each other and the management software. Consider only buying one brand. Check manufacturer’s websites frequently for IoT smart device updates; their update procedures are usually not automatic.
Look at all device settings and defaults. Change those that are not secure or reveal too much information. Create your own “wakeup” words. Change things from always on to always off.
Educate yourself about Internet safety. It is no longer OK to not know how Internet safety works.
Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com