Holiday tech support to-do: 'Internet of Things' cleanup

Holiday tech support to-do: 'Internet of Things' cleanup

The Internet of Things, objects that contain sensors embedded in them and the ability to send the data they collects outward, usually via WiFi or the Internet, raises a host of privacy and security concerns.

A. If you’re reasonably handy with computers, smartphones or tablets, providing tech help to family members has probably long since become a Thanksgiving tradition. But this year, you may find a different task on your to-do list: sweeping the house for hacked “Internet of Things” gadgets that strangers might abuse to snoop on your house or launch attacks against other sites.

Unfortunately, identifying a compromised camera or router is harder than spotting a computer that’s been taken over remotely. It’s not like you can run an anti-virus app on one of these connected devices.

“There's not yet a directory of insecure devices,” e-mailed Kashmir HilI, the security and privacy reporter for Fusion who was among the first to call attention to this problem in a 2013 post documenting remote takeovers of “smart home” gadgets. “I usually tell people to Google the name of the device they're considering + ‘hacked’.”

You can, however, easily check to see if your home’s Internet address appears in a database of publicly-accessible “IoT” hardware. Visit the “Internet of Things Scanner” page, maintained by the security firm BullGuard, to see if your location shows up in that list. This page can also conduct a direct scan for any gadgets with ports open to the Internet.

That page probably won’t report any issues, but even if it gives an all-clear you’ll still want to check up on any devices in the home.

As experts advised USA TODAY’s Elizabeth Weise last month, you should start with the wireless router, which controls every other connected gadget’s Internet access.

Log into its settings interface (in most cases, by typing a numeric address into a Web browser, which you’ll have to look up in the router’s manual) and then make sure its admin password isn’t some default, obvious item like “admin” or “password1.”

If you see an option to control your router remotely over the Internet--as opposed to restricting that access to your home network--you should disable it. Finally, install any firmware updates available for the router; that, too, may require consulting its manual to see where its settings interface hides that option.

With individual cameras and other IoT hardware, the current risk is a default login that can be exploited by the “Mirai” malware responsible for distributed denial-of-service attack that kept many big-name sites unreachable for hours last month.

Most of the devices targeted by Mirai were sold to industrial or office markets, but you should check the list posted by cybersecurity reporter Brian Krebs. His own site was an early target of a “DDoS” attack by Mirai-infected gear.

As malware goes, Mirai isn’t hard to kick out. At a conference in Washington last month, Akamai security researcher Ryan Barnett noted that, unlike other viruses, this one can’t survive a device’s reboot. Do that, then change its password through whatever interface is available--which could be a mobile app or a Web page.

But some attacked devices have hardcoded passwords that Mirai is programmed to attack. “In that case you're stuck taking the device offline and hoping for a recall,” said Stacey Higginbotham, a journalist who has covered this field for years.

If you’re in doubt--for instance, if you find a no-name connected camera with scant documentation--you’re safest unplugging the thing. That may very well be the case: We’re a few months away from getting something as basic as an Underwriters Laboratories cybersecurity label to guide our shopping.

If you luck out and find no connected device at any risk, your tech-support work probably isn’t done yet. Please consult last year’s cheat sheet, just about all of which still applies, as you go about that. Then feel free to take the last slice of pie.



Add Comment

all comments

  Other news

more
Carmarthenshire mum-to-be gets armed escort to hospital

Carmarthenshire mum-to-be gets armed escort to hospital..

29-May, 12:00

Armed officers who spotted a speeding car in west Wales discovered a...

US lawmakers seek to reverse Trump’s $110bn arms deal with Saudi Arabia

US lawmakers seek to reverse Trump’s $110bn arms deal with Saudi Arabia..

29-May, 07:48

Top Republicans and Democrats in Congress have called for the...

Emmerdale's Lucy Pargeter introduces twin baby daughters Missy Mabel and Betsey Maggie and reveals terrifying moment at birth when babies 'weren't breathing'

Emmerdale's Lucy Pargeter introduces twin baby daughters Missy Mabel and Betsey Maggie and..

29-May, 11:24

In an exclusive shoot and interview with OK! Magazine, Lucy Pargeter...

Improving wheat yields by increasing grain size, weight

Improving wheat yields by increasing grain size, weight..

29-May, 11:48

Larger, heavier wheat kernels -- that's how associate professor Wanlong...

Former Hillary Clinton aide writing memoir

Former Hillary Clinton aide writing memoir..

19-Apr, 18:16

A former Hillary Clinton aide and speechwriter is writing a book about...

Marathon Oil and Community Health skid; MoneyGram soars

Marathon Oil and Community Health skid; MoneyGram soars..

14-Mar, 17:18

Stocks that moved substantially or traded heavily on Tuesday: MoneyGram...

Seoul: North Korea fires ballistic missile off east coast

Seoul: North Korea fires ballistic missile off east coast..

04-Apr, 19:24

South Korea says North Korea has fired a ballistic missile into the...

O'Reilly apologizes for jest about Maxine Waters' hair

O'Reilly apologizes for jest about Maxine Waters' hair..

29-Mar, 09:40

Fox News personality Bill O'Reilly apologized Tuesday for saying he had a...