Smart technology has made it easier for people to explore what’s happening inside their homes and take control of things such as heating and cooling, electricity consumption and entertainment options. But before we knew it, the population turned their homes into mini data centres — ones that don’t have system administrators to worry about the configurations and security controls. There is one appliance at the forefront of smart home technology and that is the home gateway device – generally, a Wi-Fi router.
The router acts as a central hub connecting most of a consumer’s devices, yet what many don’t realise is that the hub is the first, last and only line of defence for every appliance in the home. The router is a door to a consumer’s financial data and personal information. As such, it needs to be secured, just as an individual would lock their front door to prevent burglars.
While most are aware of protecting their laptops and even mobile phones with anti-virus software, it must also be stressed that digital security in the home doesn’t end with these devices alone. Because all electronics can be connected through a home gateway device, it is important for security efforts to limit the lateral movement that lets attackers jump from one device to the next.
When it comes to securing the internet of things (IoT) in the home, consumers and security professionals can adopt and share the following practices to improve safety:
Update the software of the home gateway device at least once per quarter: As soon as vulnerabilities are publicised, hackers will be scanning these devices almost instantly to take advantage of them. If a user has purchased their own router, they are responsible for making sure the software is up-to-date, and for those who subscribe as part of a service, the provider will push these updates.
Make sure the admin console on a home router is password protected: Many people will have a password protecting access to their Wi-Fi networks, but this is a separate password for the admin console. Make sure the password is unique and not the same as any others used for devices.
Ensure you use the WPA2 protocol and protect it with a strong password: This is extremely important for consumers using legacy devices, as older protocols, including wired equivalent privacy (WEP), were found to be insecure.
Activate media access control (MAC) filtering: A consumer can set up devices on their router using this unique identifier so that rogue devices will not be able to connect. The router will then tell the consumer what is connected to it, so that access can be restricted for any unknown devices.
Turn off Wi-Fi protected set-up (WPS): After initial set-up of the gateway, WPS is no longer required nor is it robust or reliable.
Do not open any ports on the router firewall: The firewall is the main security feature built into a home gateway device and acts as a filter for traffic entering and leaving the device. However, there is no good reason for it to ever allow a household to be reached from the outside. Service providers may request a port to be opened, but users should know that it is only for the providers’ convenience so they can offload and speed up service delivery.
Never enable the Universal Plug and Play (UPnP) feature on a device: UPnP is a consumer device feature that can be seen as ‘horrific’ by some for security, as it opens a port which can enable malware and attackers to get in. Although vendors have the right to ask users to enable it for a better experience, for example in gaming, in reality it does not need to be enabled.
Don’t bother hiding the Service Set Identifier (SSID): Hiding the SSID of a Wi-Fi router isn’t the best method of security anyway, and it is a misconception that it will make things more secure. If you do hide it, all that will happen is that your end points will have to work harder and therefore consume more power.
Practice security by separation and take full advantage of the ‘guest network’ feature on modern routers: The guest network on modern routers will allow lower trust users to access Wi-Fi, for example, but not have the same level of privileges. It is secured by a separate password and isolates devices connected to it from the main unit. A consumer can use this for people coming into their homes and, going a step further, why not act on the assumption that all devices are compromised and put all of those that leave the home network on it, for example tablets, mobile phones and laptops.
Cesare Garlati is the chief security strategist at prpl Foundation. He is an internationally renowned leader in mobile and cloud security and the former vice president of mobile security at Trend Micro and co-chair of the Mobile Working Group at Cloud Security Alliance.