Think your home IT is secure? Think again
29-11-2017 | By Paul Whytock
News this week that car thieves can now stand outside your house and pick up signals from your car keys stored inside your house (all too often near the front door) and then use the signal to get in and drive your car away means many of us have yet another system security issue in our personal lives that needs taking care of.
In this case it's pretty easy. Keep your keys as far away as possible from your parked car and/or keep your keys in a Faraday cage, which you can easily buy online.
So that's a simple problem to solve but with the proliferation of the IoT and with the majority of homes having a number of essential devices that are Internet connected, personal information and data security is a rapidly escalating problem.
To put that in some perspective, a recent report concluded there are something in the region of 2.5 million online devices in London that are vulnerable to hacking. These include a lot of company-based systems but also personal stuff like routers, baby monitors and kids toys and lifestyle stuff like watches that can tell you just how unfit you are.
The report was produced by security specialists Trend Micro and the information it contains was created by using the IoT search engine Shodan. London came out tops of all the major UK cities when it came to on-line security vulnerability but that doesn't mean it is particularly lackadaisical when it comes to system security. It’s just that proportionally it accommodates the highest number of IT dependant business in the UK and also has the highest population of on-line connected homes.
The Trend Micro report goes into great details regarding the potential security weakness it found relative to commercial operations but what particularly interested me as a home worker with an on-line office was its conclusions and comments regarding home IT security issues.
It makes clear that all IT information coming from connected devices in homes must pass through some form of router all the way through to BX class routers between mainstream telecommunications companies.
Unfortunately security weak and compromised routers can be made part of botnets and used for DDoS attacks such as Mirai12 which recently infiltrated Twitter.
The report also mentions that during the past decade nearly 600 router design vulnerabilities with designated Common Vulnerabilities and Exposures (CVE) numbers have been found and reported by researchers.
But it's not all about the routers. Home printers hold confidential information such as such as personal bank account details, emails, purchasing history and payment methods and travel information.
This makes exposed printers an attractive target for attackers. Compromised printers could also be used for lateral movement within a network. They have additional services most people do not consider particularly sensitive but may also be used in attacks such as Simple Service Discovery Protocol for DDoS attacks, SMTP for sending spam and phishing emails and voice phishing and telephony denial-of-service attacks. Fortunately, the majority of printers investigated by the report were found to be secure.
However, the report felt that most people at home are either unaware or unconcerned about the potential security risks that their exposed connected devices pose.
But bearing in mind that just about every home does not have the benefit of an IT security whizz kid the report has come up with some excellent security advice for home IT operators and I thought I'd share these with you.
Firstly, always enable password protection on your devices.
Secondly, always change default passwords for stronger more complex personal ones.
Thirdly, always change default settings. Many devices have all their supported services enabled by default, many of which are not essential for regular daily use. If possible, disable nonessential services.
Fourth, never jailbreak any of your devices. This can disable integral device security features making it easier for hackers to gain entry.
Fifth, never install apps from unverified third-party marketplaces. This is especially a big security risk for jail broken iOS and Android devices. Apps installed from unverified third-party sources can have backdoors built into them that criminals can use to steal personal information.
Sixth, always take advantage of system updates as these can solve security vulnerabilities.
Seventh, always make sure you enable both disk and communication encryption. This will secure the data on the disk against theft.
It's unrealistic of course to think everyone reading this will implement all these IT suggestions from the Trend Micro security report but anything that helps frustrate the hackers has to be a good thing.