TOTW №7: How to keep your IoT devices safe from hackers

Hello, IoTeX community!

Did you know that over 30 billion smart home devices will be in place in homes worldwide?

This continuing explosive growth is great news for consumers and manufacturers. However, with increasing connectivity come the obvious IoT security threats.

We’ll look today at how your smart home devices might be vulnerable to attack. Below are some examples of how these devices can be compromised:

In this week’s discussion, we would like you to share your TOP 3 ways to prevent hacker attacks and keep your devices safe!

:pushpin: Submit your answers by Monday, March 16th, 6 AM PST

:moneybag: Rewards: The 3 most interesting & creative answers will receive 1,000 IOTX EACH + all of the participants will be entered in the community scoreboard for March!
{Make sure to include your Telegram ID}

You can post more than once but make sure to share different stories/use cases, do not duplicate posts. Feel free to comment & reply to posts from other community members.

6 Likes

  1. Set up a guest network.
    Keep your Wi-Fi account private. Visitors, friends, and relatives can log into a separate network that doesn’t tie into your IoT devices.

  2. Check the settings for your devices.
    Your IoT devices might come with default privacy and security settings. You might want to consider changing them, as some default settings could benefit the manufacturer more than they benefit you.

  3. Don’t use cloud storage much.

TG: @murugan25589

3 Likes

Don’t connect your wearable devices to a public network.

Always update the installed software.

Don’t use the default passwords/settings.

TG: @devaraj8717

2 Likes

Install a VPN on your home router. It will encrypt all your internet communications, so no hacker will be able to read them.

One unprotected device can make your entire home vulnerable. So, keep different passwords on devices.

Have your devices in a private network.

Tg - @tmalar93

2 Likes
  1. Plan to update the firmware on your devices regularly.
  2. Encrypt everywhere possible - never send unencrypted data over the web.
  3. You also need to regularly (frequently) test the security of your servers, including penetration testing (intentional attacks on them).

@maurya1219

2 Likes

Think of “security in depth”, that is, the protection of your network of devices in all its layers.
For example (from inside to outside):
1.- Use only devices from recognized manufacturers: Otherwise you cannot be sure that the vulnerability comes from the factory!
2.- Ensure device firmware is kept up to date.
3.- Look for the “Powered by IoTeX” emblem. It is the easiest way to ensure that your data will remain secure and controlled by you, and by no one else.


4.- Activate only the functions you are going to use.
5.- Change the default settings, especially the default password. The latter is not really necessary in “Powered by IoTeX” devices, since they use decentralized identity (DID).
6.- Ensure the security of the networks they are going to use: they must be encrypted networks, with authentication mechanisms and secure configurations. Although the “Powered by IoTeX” devices ensure an encrypted transmission of information, it does not hurt to ensure the security of the networks.
7.- Provide device information only to secure cloud applications and platforms that ensure data privacy. Again, with the “Powered by IoTeX” devices you ensure that it is always you who decides to share your information or not.
Let’s be careful out there
@JoeGoodman

2 Likes

1. Never reveal your password to anyone, even the service providers.
2. Change your login info from time to time.
3. Always encrypt your data.
4. Always use a VPN and a secure network.

@JessiSam

2 Likes
  1. Disable broadcasting if possible
  2. Never store passwords in plain text files or transmit over unencrypted mediums.
  3. Have strong access control in place; limit the number of personnel who know how to access the devices if they’re password enabled.
  4. The best answer: Use IOTEX!

Telegram: @troytrojan01

3 Likes
  1. Data should not be tampered with (use blockchain).
  2. Put the device in a private network.
  3. Don’t use default settings from the manufacturer.

IoTeX is using the blockchain to overcome all these issues.

Tg: @immugan

2 Likes

The security problem is one of the three IoT problems that the team found when they founded IoTeX and tried to solve with IoTeX.
There are many rules to prevent hacker attacks; the most important for me are:

  1. Never use the same password for more than one account. A password must have numbers, special characters and uppercase letters. Passwords, obviously, should never be revealed. Changing your password once a month can be useful.
  2. Connect only with secure devices or secure Wi-Fi networks. Not downloading apps from the Internet can be important advice for preventing hacker attacks.
  3. Buy only products made by famous and certified companies, such as IoTeX. Buying devices whose origin is unknown could put your privacy at risk. All devices you connect with must be certified.
  4. By using cryptography and blockchain to sign your data, you can surely prevent hacker attacks.
2 Likes

Most times there are no good additional ways of securing devices, because a manufacturer provides only one way of using its products. Ordinary people can just hope that it has been done safely enough.

  1. So it’s better to choose a manufacturer which uses cryptographic data protection for its devices, like IoTeX technologies do. :clipboard:
  2. If it is possible, use safe passwords, which have no logical connection to you. For instance, a mobile phone number is often used as a password for Wi-Fi — it is very unsafe. Even if you need a number as a password, it is better to use something random, not used twice for different purposes. :8ball:
  3. Sometimes it is better to use cord connections inside a house instead of Wi-Fi, because they are harder to break. :link:

Telegram… @bez_nicka

2 Likes
  1. Practice Good Password Habits: Passwords are frequently the only thing protecting your private information from prying eyes. Cultivate the habit of always using a strong password. A good password strategy requires you to:
    :white_check_mark: Keep your passwords out of your device; write them down in a safe place where nobody can access them.
    :white_check_mark: Exclude identifiable personal information.
    :white_check_mark: Use a passphrase.
    :white_check_mark: Limit each password to a single account.
    :white_check_mark: Consider password management software for strong password generation.
    :white_check_mark: Use a multifactor verification option in addition to the password as a second sign-in layer, e.g. SMS code, Google authentication code and/or Authy code.

  2. Exercise good browsing habits: While the benefits of the Internet are tremendous, the associated risks are numerous. When browsing the internet, the following steps must be taken to minimize the possibility of data compromise.
    :white_check_mark: Ensure the websites visited are secured.
    :white_check_mark: Download from trusted sources.
    :white_check_mark: Distrust free Wi-Fi.
    :white_check_mark: Block pop-up ads.
    :white_check_mark: Never visit questionable websites.
    :white_check_mark: Use security and privacy settings.
    :white_check_mark: Be careful what files you open.
    :white_check_mark: Avoid calling unknown telephone numbers.

  3. Perform Regular Backups: Use a dual strategy to ensure your data stays safe by combining an encrypted external hard drive with trusted online backup services.

Telegram Id: @tadex01

4 Likes

To prevent hacker attacks and keep your device safe, take the following steps:

  1. Review the private settings on your device - Some experts recommend the MyPermissions tool as an easy solution to check your permission settings across a multitude of apps, receive reminders to clean undesired or out-of-date permissions with mobile-friendly apps, and get alerts when apps access your confidential information so that you can remove them with a single click. The tool is available for Microsoft, Apple, and Android operating systems. :desktop_computer: :computer: :iphone: :calling:
  2. Disable and manage third-party permissions - More often than not, third-party applications that users download onto their devices have certain permissions turned on without notifying the owner of the gadget.
    Therefore, location services, automatic uploads, data backup, and even public displays of personal phone numbers (looking at you, LinkedIn) are all permissions set to green upon installation. Managing these settings and on-set permissions, especially those connected to the cloud, is essential when keeping your data secure from hackers. :cloud: :cloud_with_lightning:
  3. Encrypt your data by yourself - While backing up your data in case of an emergency is a must, first be sure to encrypt it yourself as a stronger approach to data protection. You can make your own data unreadable and unusable to hackers by encrypting the entire hard drive, a section of your hard drive, or individual files one by one.
    Encrypting a few files requires a freeware program, some of which “can also make new compressed files, and when you do that, you have the option to encrypt the file names and protect the whole archive with a password.” :file_cabinet: :file_folder: :card_file_box: :open_file_folder:

Telegram ID- @SangosanyaM

2 Likes

To best protect yourself, you need personal know-how or a security expert. From current software to VPN and firewall to the best anti-virus protection, etc. If you own a company, you still need trustworthy employees who are smart enough and do not fall victim to phishing attempts.

The best solution in the future will be an Internet of Trusted Things. Blockchain and the associated decentralization is the most suitable key for more security.

TG: altcoin_maximalist

2 Likes

We need to be aware of some important things, like:

All consumer internet-connected device passwords must be unique and not resettable to any universal factory setting.

Manufacturers of consumer IoT devices must provide a public point of contact so anyone can report a vulnerability and it will be acted on in a timely manner.

Manufacturers of consumer IoT devices must explicitly state the minimum length of time that the device will receive security updates at the point of sale, either in store or online.

And finally, don’t put your IoT devices in the trash. If a hacker finds your old smart device in a trashcan, they may be able to access important personal data.

Telegram ID: @Polato

2 Likes

Cloud storage - this is a great solution!!! :+1:t2:

1 Like

In order to secure each IoT device, first of all, each manufacturer must approach the production of devices with all responsibility.
Some organizational principles for manufacturers of IoT devices:

:one: Ensure the security of software and hardware at every stage of the product life cycle;
:two: Consider security measures throughout the supply chain;
:three: Conduct “field trials” of cybersecurity to determine whether its principles comply with the technical specifications of products;
:four: Establish safe documentation at all stages of the project: from creating an IoT device or service to its operation;
:five: Create a security architecture for the IoT system;
:six: Monitor compliance with the established security architecture;
:seven: Detect and promptly investigate every unusual security event.

For consumers, I see one right decision - to buy “Powered by IoTeX” devices :white_check_mark:

@Artanovskaya

2 Likes

The safety of IoT devices depends on the technical capabilities of the IoT environment. Technical safety should be implemented in the IoT devices themselves:

  • check the reliability of the software before starting the IoT device
  • create a list of communication channels between devices and select the safest
  • create “white” lists of applications and review the list at least once a year
  • restrict access to systems through detailed authorization
  • provide entry into the system only to a limited circle of persons with the least access privileges
  • create a device in which privileged code and processes are isolated from the part of the firmware that does not need to interact with them
  • introduce a DDoS-resistant and balanced infrastructure

@SaleAccSF

1 Like

Hi guys! Thank you to all that have participated in this discussion :clap:

Here are the winners of this thread:
@murugan
@JoeGoodman
@tadex

Please check your wallets & join our next discussion, TOTW №8

1 Like

Thanks for the opportunity to participate.

1 Like