The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
In 2015, somewhere in the neighborhood of 1 billion Internet of Things (IoT) devices will be purchased, an increase of 60% over the previous year. There will be 10 billion IoT devices connected to the Internet this year.
A couple of years ago, a survey found that three out of four Americans had no clue that there was such an animal as the Internet of Things, and many likely still don’t know (until you tell them their new smart TV or fitness band counts). Since the IoT is only going to get bigger, it’s best to get a handle on what it means for you.
The IoT can be any product or appliance equipped with a chip for storing data and web connectivity. The point is two-fold: service and data collection. Whether we’re talking about a car or a dishwasher, manufacturers can identify this or that “thing” by a unique code, then send it information over the Internet, including commands and software updates; conversely, they can also receive communications from it. Many of the devices that fall under the IoT heading have web- and app-based interfaces that allow end users to control them from wherever they may be, whether it is a security camera, a front door or a clothes dryer.
Frequently, these souped-up appliances are marketed as “smart devices,” and they have a variety of benefits. A smart coffee machine can make your coffee at 7:30 every morning, or smart tech can warm up your car whenever the temperature is below freezing. It can open the doors at your business and turn on the lights. The possibilities are endless, and excruciatingly cool. But the downside, of course, is the security risk. Because this data is moving around on devices that are not universally protected, in an environment where there is no established security standard, we have no way of assessing the level of risk.
Most IoT products are often woefully underprotected (or not protected at all), and that opens the door to hacking. From the criminal’s perspective, the IoT is, simply, an opportunity — a bunch of holes in the fence of your information security. It expands your attackable surface. Computer manufacturers and software companies devote attention and resources to providing security, but appliance makers have little understanding of the field. It is only a matter of time before the hackers start digging into their programs.
In fact, the first proven large-scale hack of IoT devices occurred in December 2013 and the first week of 2014, according to the security-as-a-service company Proofpoint, based in Sunnyvale, Calif. According to Proofpoint’s press release detailed the marshaling of conventional household smart, or IoT, appliances, “the global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”
Normally, a mass of spam as large as 750,000 emails would be caught by filters. But what if the filters didn’t know the emails were coming from the same place? In this attack, which took place between Dec. 23, 2013,and Jan. 6, 2014, bursts of email — as many as 100,000 of them at a time — were sent out through an army of machines several times a day. Twenty-five percent of the email was sent via noncomputer “things” (i.e., not a laptop, desktop computer or smartphone). Because each IP address was programmed by the hackers to send no more than 10 emails, none of the location-based defenses that networks use to block spam were triggered. After all, who would suspect a refrigerator of malfeasance?
Luckily, there are some things you can do to reduce your attackable surface.
Your new device may come with no password set or a password set to something that can be easily searched online. The first thing you need to do is change that password to something long and strong, with upper and lowercase characters, numbers and a good dollop of unpredictability. Stay away from number sequences like birthdays and phone numbers, which could be gettable from data compromises and breaches.
The best way to protect your privacy and monitor any illegal activity associated with your IoT device is to register it to an email account that you only use for IoT devices, perhaps even that you only use for a particular device. If something happens, you will not be as exposed. Remember: email is an element of personally identifiable information.
While your media likes and dislikes and your diet and fitness milestones are fun to report, the downside is that you broadcast information about yourself to potential fraudsters as well. Keep it to a minimum.
When it comes to any new technology that makes life more convenient, bear in mind that the tradeoff is privacy and personal information security. The less you have out there, the less vulnerable to fraud you become.
The above is an adapted excerpt from Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, which hits bookstores everywhere Black Friday.
Image: ChrisBoswell
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams