Home > Identity Theft > How to Keep Your Fridge From Exposing Your Data

Comments 0 Comments

In 2015, somewhere in the neighborhood of 1 billion Internet of Things (IoT) devices will be purchased, an increase of 60% over the previous year. There will be 10 billion IoT devices connected to the Internet this year.

A couple of years ago, a survey found that three out of four Americans had no clue that there was such an animal as the Internet of Things, and many likely still don’t know (until you tell them their new smart TV or fitness band counts). Since the IoT is only going to get bigger, it’s best to get a handle on what it means for you.

The IoT can be any product or appliance equipped with a chip for storing data and web connectivity. The point is two-fold: service and data collection. Whether we’re talking about a car or a dishwasher, manufacturers can identify this or that “thing” by a unique code, then send it information over the Internet, including commands and software updates; conversely, they can also receive communications from it. Many of the devices that fall under the IoT heading have web- and app-based interfaces that allow end users to control them from wherever they may be, whether it is a security camera, a front door or a clothes dryer.

Frequently, these souped-up appliances are marketed as “smart devices,” and they have a variety of benefits. A smart coffee machine can make your coffee at 7:30 every morning, or smart tech can warm up your car whenever the temperature is below freezing. It can open the doors at your business and turn on the lights. The possibilities are endless, and excruciatingly cool. But the downside, of course, is the security risk. Because this data is moving around on devices that are not universally protected, in an environment where there is no established security standard, we have no way of assessing the level of risk.

Most IoT products are often woefully underprotected (or not protected at all), and that opens the door to hacking. From the criminal’s perspective, the IoT is, simply, an opportunity — a bunch of holes in the fence of your information security. It expands your attackable surface. Computer manufacturers and software companies devote attention and resources to providing security, but appliance makers have little understanding of the field. It is only a matter of time before the hackers start digging into their programs.

In fact, the first proven large-scale hack of IoT devices occurred in December 2013 and the first week of 2014, according to the security-as-a-service company Proofpoint, based in Sunnyvale, Calif. According to Proofpoint’s press release detailed the marshaling of conventional household smart, or IoT, appliances, “the global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”

Normally, a mass of spam as large as 750,000 emails would be caught by filters. But what if the filters didn’t know the emails were coming from the same place? In this attack, which took place between Dec. 23, 2013,and Jan. 6, 2014, bursts of email — as many as 100,000 of them at a time — were sent out through an army of machines several times a day. Twenty-five percent of the email was sent via
 noncomputer “things” (i.e., not a laptop, desktop computer or
 smartphone). Because each IP address was programmed by the hackers to send no more
than 10 emails, none of the location-based defenses that networks use to block spam were triggered. After all, who would suspect a refrigerator of malfeasance?

Luckily, there are some things you can do to reduce your attackable surface.

1. Change Default Settings

Your new device may come with no password set or a password set to something that can be easily searched online. The first thing you need to do is change that password to something long and strong, with upper and lowercase characters, numbers and a good dollop of unpredictability. Stay away from number sequences like birthdays and phone numbers, which could be gettable from data compromises and breaches.

2. Create a Separate Email Account

The best way to protect your privacy and monitor any illegal activity associated with your IoT device is to register it to an email account that you only use for IoT devices, perhaps even that you only use for a particular device. If something happens, you will not be as exposed. Remember: email is an element of personally identifiable information.

3. Less Is More

While your media likes and dislikes and your diet and fitness milestones are fun to report, the downside is that you broadcast information about yourself to potential fraudsters as well. Keep it to a minimum.

When it comes to any new technology that makes life more convenient, bear in mind that the tradeoff is privacy and personal information security. The less you have out there, the less vulnerable to fraud you become.

The above is an adapted excerpt from Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, which hits bookstores everywhere Black Friday.

More on Identity Theft:

Image: ChrisBoswell

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team