Stimulus Tech Talk: What You Need to Know About the Internet of Things
The Internet of Things (IoT) is now an integral part of our daily lives, infiltrating our homes and workplaces with an array of smart devices. In this article, we'll explore the proliferation of IoT devices and the wealth of information they offer, as well as the challenges they pose, particularly in terms of security and data privacy.
The Everyday World of IoT
IoT devices have become a way of life, offering convenience and access to a vast array of information. From smartwatches to connected appliances, these devices have revolutionized the way we interact with the world around us. In the business world, manufacturers and companies have harnessed the power of IoT to gather data and monitor various aspects of their operations.
The Good and the Bad of IoT
Amidst the convenience and innovation, IoT devices bring inherent vulnerabilities, and past incidents have shown the real-world threats they can pose. For example, the Stuxnet virus significantly disrupted Iran's uranium enrichment plants by exploiting weaknesses in Siemens IoT devices. Another instance involved a breach of over 150,000 networked cameras due to default login credentials.
Keeping a Smart World Secure
Securing your IoT devices is of the greatest importance, both in personal and business contexts. Changing default passwords to strong, unique ones is a crucial first step, as many devices lack adequate protection against brute-force attacks. Additionally, avoiding direct exposure to the internet and employing virtual private networks (VPNs) can enhance the security of these devices.
Data Collection by IoT Devices
Data privacy is a critical consideration when using IoT devices. Many of these devices collect various forms of information, often disclosed within lengthy service agreements. To protect your privacy, it's important to opt out of data collection where possible and to choose reputable vendors to avoid devices that surreptitiously transmit data back to manufacturers.
Securing Business and Personal IoT Devices
Distinguishing between personal and business use of IoT devices is crucial. For businesses, implementing VLANs and robust network segmentation can significantly enhance security. In personal usage, it's recommended to follow security best practices, including using strong credentials and purchasing devices from reputable vendors.
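The three recommendations above (change default credentials, avoid direct internet exposure, segment IoT devices onto their own VLAN) can be checked against an inventory. The following is an added example, not part of the original article or podcast; the device names, addresses, VLAN layout and port-forward list are constructed, hypothetical sample data.

```python
import ipaddress

# Constructed sample data for illustration; every name and address is hypothetical.
VLANS = {
    "corp": ipaddress.ip_network("10.0.10.0/24"),
    "iot": ipaddress.ip_network("10.0.50.0/24"),
}
DEVICES = [
    {"name": "lobby-cam", "ip": "10.0.10.21", "kind": "iot", "default_password": True},
    {"name": "server-room-sensor", "ip": "10.0.50.12", "kind": "iot", "default_password": False},
    {"name": "dock-cam", "ip": "10.0.50.30", "kind": "iot", "default_password": False},
    {"name": "file-server", "ip": "10.0.10.5", "kind": "server", "default_password": False},
]
# Firewall port forwards as (WAN port, LAN IP, LAN port).
PORT_FORWARDS = [(8080, "10.0.50.30", 80), (443, "10.0.10.5", 443)]


def vlan_of(ip, vlans):
    """Return the name of the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in vlans.items():
        if addr in net:
            return name
    return None


def audit(devices, port_forwards, vlans):
    """Return (device name, issue) pairs for every IoT device that needs attention."""
    findings = []
    forwarded = {lan_ip for _wan, lan_ip, _lan in port_forwards}
    # VLANs that hold at least one workstation or server.
    shared = {vlan_of(d["ip"], vlans) for d in devices if d["kind"] != "iot"}
    for d in devices:
        if d["kind"] != "iot":
            continue
        if d["default_password"]:
            findings.append((d["name"], "default-credentials"))
        if d["ip"] in forwarded:
            # Reachable from the internet through the firewall; use VPN access instead.
            findings.append((d["name"], "port-forwarded"))
        vlan = vlan_of(d["ip"], vlans)
        if vlan is None or vlan in shared:
            # Shares a network with business systems, or sits on an unknown network.
            findings.append((d["name"], "not-segmented"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(DEVICES, PORT_FORWARDS, VLANS):
        print(f"{name}: {issue}")
```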
Enhancing Business Operations with IoT
IoT devices have the potential to enhance business operations in various ways. Environmental monitoring devices can safeguard against issues like temperature fluctuations and floods in server rooms, preventing costly equipment damage and downtime. Additionally, IoT devices can optimize production processes and workflows, offering valuable insights across a range of industries.
A Look at the Future of IoT
The future of IoT promises even greater integration into our daily lives. Innovations like Amazon's smart shopping cart and Tesla's connected cars illustrate the increasing interconnectedness of IoT. However, as we embrace these advancements, it's essential to consider the trade-offs between connectivity and privacy in an ever-connected world. Balancing the benefits with potential risks and challenges will be a critical concern for individuals and businesses alike.
Stimulus Tech Talk: What You Need to Know About IoT transcript:
SPEAKERS
Intro, Sherry Lipp, Nathan Whittacre
Intro 00:00
You're listening to Stimulus Tech Talk, a conversation-based podcast created by Stimulus Technologies that covers a range of topics related to business and technology.
Sherry Lipp 00:12
Welcome to Stimulus Tech Talk. I am Sherry Lipp, marketing manager at Stimulus Technologies, and I'm here today with Nathan Whittacre, our CEO, as usual. And today we're gonna be talking about an interesting topic, something that we all deal with, but maybe we haven't thought a lot about, and that is the Internet of Things, which is all the devices that we have connected to Wi-Fi or the internet in our house and our business. Hello, Nathan, how are you?
Nathan Whittacre 00:44
Oh, good. How are you doing?
Sherry Lipp 00:46
I'm good. I'm excited about this topic. I think it's a really interesting one. And there's kind of a lot of different factors to it. So to start out, what are your thoughts on all these devices we have connected?
Nathan Whittacre 00:58
Well, certainly, it's pretty amazing that we can get so much information and, you know, connection to all parts of our lives now. I mean, we all have, you know, smart, or a lot of us have smartwatches. I don't think you can buy an appliance today in our home that isn't connected to the internet. I recently bought a new washer and that connected so it could send alerts to my phone that, you know, the washing cycle's done, and, you know, refrigerators and, heck, toasters, vacuums, everything is connected now, right? And it's a lot of interesting information that you can get off of these devices. And in a business, I mean, I think it's also interesting, you know, the amount of information you can get. If you're a manufacturer, you know, information from all the machines on your manufacturing floor, cameras in your office, there's just so much information out there through these devices connecting. So I think they're very ubiquitous now in all the things that we do. But that leads to a lot of problems, too. So hopefully, we'll get into that.
Sherry Lipp 02:05
Yeah. So that was going to be my question. I mean, how vulnerable are these devices? And let's say, you know, from a personal standpoint, from your home standpoint, but from a business standpoint, if somebody has, I mean, like you're saying, right down to like a coffee mug that will heat up on your desk is connected to an app on your phone, and then your employee is connected to your business Wi-Fi, does that add an extra vulnerability for the business? Or is that, you know, on their phone, or, you know, where is it? Where are the vulnerabilities?
Nathan Whittacre 02:37
Well, it took down the uranium enrichment of Iran about 15 years ago. So I think there's some issues. Yeah, actually there's a lot of issues with IoT. So a little story on that: it was called the Stuxnet virus. I actually wrote a little bit about it in my book, because I found it very interesting. So, you know, hackers from, you know, nobody's admitted to it. But hackers from obviously other states that were trying to take down Iran's uranium enrichment and nuclear capabilities used the vulnerability in some software that was running on some IoT devices by Siemens on the network. And they were able to infect through this virus thousands of computers and basically took down this uranium enrichment plant in Iran. It's one of the largest IoT attacks and one of the first ones that have really been public, and they think that it damaged almost 1000 centrifuges that they were using to enrich uranium. So certainly a lot of vulnerabilities. Another one, you know, that was around a couple of years ago were cameras. So historically, like, surveillance cameras, there was one DVR, digital video recorder, device; it was generally connected to the network, and then the cameras were hardwired. But most systems today the cameras are all network based, whether wireless or wired. And so, you know, the cameras are communicating with the video recorder that could be hosted in your office or could be hosted on the internet directly. There's no direct cables or passive connections anymore. And so there was an issue a few years ago on one of the software by Verkada. This was back in 2021, that there was over 150,000 of these cameras that had default information that were publicly accessible. And so you could log in to these cameras, you know, from anywhere in the world.
And so, you know, people were scrubbing the internet to find these cameras, and you know, watching, you know, hospitals or schools or prisons or your house or your workplace. And so, you know, definitely an issue with these devices, if they're not configured properly. I think that's more of an example here is that these were installed without proper configuration that left them vulnerable. So, you know, there's certainly a lot of issues that could come about with these IoT devices.
Sherry Lipp 05:40
What can people do? I know there was kind of a news story a few years ago, where somebody, you know, realized somebody was talking to their kid through a baby monitor, you know, in the room. So what can people do to safeguard these devices? Because I think, you know, a lot of times we hook them up and connect them and we don't think too much about it.
Nathan Whittacre 05:58
I think the first thing to do is make sure you are setting a new and strong administrative password on the devices. I think that's one of the issues that comes about is whether you do it yourself, or you hire somebody to come in and install these devices, they may leave the default administrative credentials, or put in credentials that are very easily cracked. A lot of these devices don't have a lot of intelligence in them that, you know, prevent brute-force type attacks. So it's pretty easy to sit there and just guess the password over and over again. And if you have a short password, that's an administrator password, it can be guessed within minutes or weeks. And so that would be the first thing that I would suggest is making sure that you set, you know, new credentials. And then the other thing is, I wouldn't recommend any of these devices to be directly accessible outside the network. So what we've seen a lot, as I've gone in and done analysis, is, you know, for ease, potentially the IT administrator or the employee that set these up, or the owner of the company that set these up, would do what's called a port forward on their firewall and allow direct access to these devices from outside the network. And that's okay, if it's hardened, like if you have security monitoring, if you have a good firewall that can detect brute-force attacks on that device. But a better way to do it is, you know, setting up VPN access, private access into the network, so that these devices aren't directly accessible from the internet. So that would be the better way of doing it, is having, you know, a non-direct access to these devices. Now, a lot of them, obviously, are cloud based now. And so again, the same thing goes with a cloud-based technology, is making sure that your credentials on that software are strong, and the passwords are strong, and you have some type of multifactor authentication to get in there. So these can't be brute-force attacked.
So those, I mean, are the basic security principles, but they go along the same ways. And I think a lot of manufacturers are doing a good job now of, like, forcing you to reset your password. Back in, you know, 10 years ago, it seemed like you'd grab a router or device out of the box, you'd install it, you could leave it with an administrative password that came with it, you know, admin, admin or admin password or, you know, test 1234, something that was just a really easy password. And it would let you, you know, plug it in, get it working and leave that as default. But now, I find that most devices make you reset it to a strong password, because this has gotten a bad, bad rap over the years.
Sherry Lipp 08:47
Do any of these types of devices collect data of any kind? And is there a way for my businesses to manage that?
Nathan Whittacre 08:56
Yeah, I mean, there's definitely some collection of data there. You know, products that are sold in the United States are supposed to tell you what they collect, you know, when you're installing the device, and that 20-page service agreement that comes up that you scroll really quickly through and then you say, I accept, I mean, it's telling you what they're collecting, and a lot of them do collect information on what's going on. And they're supposed to allow you to opt out of that information. So if you don't want your data collected, I would recommend opting out. The other scary thing is, you know, buying from reputable companies. There are a few Chinese companies that are banned from selling products in the US, because they were found that they actually had chips on the devices themselves that, unbeknownst to the, you know, the people that were running the software, were sending data back to China, to the manufacturer; they were monitoring. These were higher-end routers that were run by us by Internet companies. But these devices were sending information, unbeknownst to the administrators, back to the manufacturer. And so there are products that are banned here in the United States for us because of that. So I would recommend, you know, sticking with some of the top vendors. Don't buy just anything you find off of Amazon or whatever website, making sure that these are reputable vendors. Because, you know, some of these might be able to get in and skirt some of these import laws. And you might buy devices that aren't allowed to be sold in the US. They might be sold under a different name or different practice, and then they still are sending data without your knowledge, which is super scary. For sure. Yeah. Yeah.
Sherry Lipp 10:50
Are there any security considerations that would be different for personal use, and for business use?
Nathan Whittacre 10:57
I would say, you know, businesses, because you have a lot more information on your network, I often recommend like surveillance systems, or these IoT devices, be segregated on separate networks. So if you have a larger organization, call it, you know, more than 10 employees, you would want to set up VLANs, which is a virtual separation of devices on your network, and actually move these devices to a separate VLAN, kind of like what you would do for a public Wi-Fi, so that these devices don't have direct access to the rest of your infrastructure. It's a little more complicated to set up and you need better networking equipment, but it sure is a huge security uptick to not have these devices plugged into the public Internet, or your private network, that network that's running your other web servers, workstations, things like that. For personal use, I mean, that's a little bit more complicated. I think it goes back to the same security practices I recommended before, you know, buy reputable companies' devices, maybe turn off that anonymous statistical information that's sent back to the manufacturer, and making sure that you have, you know, strong credentials that are on those devices, so that, you know, somebody can't talk to your baby monitor, through your baby monitor to your baby, you know, because maybe the credentials were left to be default. So those would be, for personal use, what I'd recommend.
Sherry Lipp 12:36
And kind of moving past the security side, do you have any favorite devices that would be used in business?
Nathan Whittacre 12:44
You know, as I mentioned before, you know, the surveillance cameras are really common. There's some really interesting technology. I mentioned manufacturing before; there's some devices that, you know, could, you know, count production, give you, you know, direct information on what's going on on the production floor. That's really interesting. I've seen, and we've helped, companies that are using them for like monitoring water flows or workflows that are going up, like for an environmental company. And then, you know, maybe something else that's interesting is monitoring for flood or temperature monitoring of your server room or your office. So there's environmental monitoring devices, I think, that are good, especially if you have some type of server equipment, because one of the worst things that could happen is, you know, you're over the weekend and your water heater bursts. And it's flooding your office and, you know, flood your entire environment and you lose, you know, not just your carpeting, but could lose a lot of your computer infrastructure. Or, you know, the air conditioner goes off and then your server room overheats, and you might lose some of your equipment. We've seen both of those happen. And some environmental monitoring devices that are pretty inexpensive could tell you if you have a water leak, can tell you if your air conditioner stopped working and your rooms are getting too hot. So those are some cool devices that are kind of a protection. But from a productivity standpoint, you know, look at what you're doing and see if there's more information you can gather, and there's probably some type of technology out there to help you do it across your network.
Sherry Lipp 14:31
Alright, so it sounds like there's a lot more than just heating up your coffee from your phone app, and I kind of want to wrap it up. What do you think, you know, we've heard of stories about like, we can walk into a store and they're going to scan us to make the purchase. What do you think is the future of these kinds of devices?
Nathan Whittacre 14:54
You know, that's probably one of the biggest ones. Amazon with Whole Foods has tried that out, and I actually had the chance to do that. It was really quite interesting. You know, the shopping cart was a smart shopping cart. And as you put devices in the shopping cart, it was, you know, detecting what you were putting in. And then, you know, at the end, when you were done, just as you're walking out, you scan your barcode on your phone, and you're completely checked out. So that was an interesting, you know, interesting thing that I saw. You know, there's a lot of other cool technology, I think, you know, as you see companies like Tesla, for example, that are using this technology, that all their cars are completely connected. And that's how they're training their software to do the fully automated driving, pilotless or, you know, full pilot in cars. So, you know, I think the more and more connected we are, the more and more information we can get, you know, training algorithms, training AI; it needs a lot of data to train that information. And so the more and more we give these systems, the better the computer systems become. Also scary on the other side, from a privacy and security standpoint, you know, do you want the car manufacturer knowing everything you're doing and how you're driving? And, you know, we have to decide as a society how much information we're willing to share. But we want the benefits of it, too. So I think it's a balance that we're dealing with in society today. And that most of these companies, I think they're striking a reasonable balance, allow you to opt out if you don't want that information shared. But that's one thing that I'd be looking at, is, you know, just deciding for yourself how much information you're sharing, and how much connectivity do you want? And, you know, that's an individual decision all of us need to make.
Sherry Lipp 16:52
Yeah, I mean, it's all really interesting. And obviously, there's going to be a lot more security technology along the way as well. But thank you so much for your insights on this. I just, I find it to be a very interesting topic.
Nathan Whittacre 17:03
I do too. It's a lot of fun. I mean, I have a lot of gadgets that are internet connected, and I tend to enjoy it. But you know, just making sure that we're secure on the same thing. So thanks, Sherry, for bringing this up.
Sherry Lipp 17:16
Yeah, thank you.