ICO in Internet of Things Security Warning

Data protection watchdog the Information Commissioner’s Office (ICO) has repeated warnings about the Internet of Things, urging users to take steps to protect their privacy and security.

Group manager for technology at the ICO, Simon Rice, explained in a blog post that users are still making the same mistakes they did two years ago, when a major story hit the headlines around IoT flaws.

Back then, it was revealed that a Russian website was streaming live feeds from CCTV, baby monitors, web cams and the like located around the world by taking advantage of security vulnerabilities.

“A lack of security when it comes to IoT devices could mean that a search engine is used by criminals to locate vulnerable devices and then gain access to them or others on your home network,” he said.

“An attacker could then use your equipment to mount attacks on others or take your personal data to commit identity fraud.”

While the ICO is looking to work with manufacturers to improve security protections out of the box, it argued that users must also take steps to protect their digital homes.

This includes researching the security of the product you’re about to buy, and rejecting it if, for instance, it can’t receive security updates.

“If consumers reject the products that won’t protect them, the developers should get the message quicker,” said Rice.

Also important is to regularly check the manufacturer’s website for any IoT products in the home in case there are updates to install – although Rice warned that firmware updates can overwrite settings, so back-ups are important.

The router is the “first line of defense on the perimeter of your home network” so it’s vital to ensure it is not exposing other IoT devices to the public internet, or using default passwords.

Log-ins for other devices should also be changed from the factory settings, or if possible, two-factor authentication should be enabled, the ICO warned.

“Don’t just plug your device in and skip as much of the set-up process as you can,” Rice concluded.

“Take time to read the manual and familiarize yourself with the security and privacy options available to you.”

Internet of Things security and privacy issues are forever coming to light. Earlier this month, it emerged that a previously disclosed vulnerability in D-Link IoT devices including baby monitors could affect more than 120 products around the world – allowing hackers to remotely access them.

What’s Hot on Infosecurity Magazine?