FBI Portland
Portland Media Office
(503) 460-8060
December 12, 2017

FBI Tech Tuesday—Building a Digital Defense Against the Internet of Things (IoT)

Welcome to the Oregon FBI’s Tech Tuesday segment. This week, building a digital defense against “Internet of Things,” or “IoT,” attacks.

If you were thinking about asking Santa for something from the “Internet of Things” world this year, you have plenty of options. The possibilities include everything from devices that control your lights and thermostat to security systems to gaming systems and music players. There are wearables such as fitness trackers and tech-connected clothes. Or, how about a new Internet-enabled fridge or stove?

Once you get your wish list together, don't forget to ask for a hub to control all of your other “things” through a single app on your phone. We will all be living like the family of the future in no time! In fact, the FBI estimates that the number of “Internet of Things” or “IoT” devices will increase from 5 million last year to anywhere from 20 to 50 million in the year 2020.

But, before the sleigh and eight tiny reindeer show up on your roof, make sure you are ready for the reality of what you are bringing into your home.

Bad actors have been taking advantage of the lack of security, manufacturers' difficulty in patching vulnerabilities, and consumers' inexperience to exploit these devices. In many cases the devices are just using default usernames and passwords, which make them easy targets for the cyber thieves. Criminals can use that open door to force your device into service as part of a botnet, or to access other connected systems that have sensitive personal or business info.

It can be difficult to know if your IoT device has been compromised, but there are simple steps you can take to help secure your things:

  • Change default usernames and passwords. Many default passwords are collected and posted on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets.
  • If you can't change the password on the device, make sure your wireless Internet service has a strong password and encryption.
  • Invest in a secure router with robust security and authentication. Most routers will allow users to whitelist, or specify, which devices are authorized to connect to a local network.
  • Isolate “IoT” devices on their own protected networks.
  • Turn devices off when not in use.
  • Research your options when shopping for new “IoT” devices. When conducting research, use reputable Web sites that specialize in cyber security analysis and provide reviews on consumer products.
  • Look for companies that offer firmware and software updates, and identify how and when these updates are provided.
  • Identify what data is collected and stored by the devices, including whether you can opt out of this collection, how long the data is stored, whether it is encrypted, and if the data is shared with a third party.
  • Ensure all “IoT” devices are up to date and security patches are incorporated when available.

Santa may want to give you the future at your fingertips—just make sure you are ready for it. For more tips about “IoT” devices, check out the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Coming up next week: how to protect your kids when Internet-connected toys show up under the Christmas tree.