Pay attention to your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat—turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches…

Slow down. Don’t buy a single smart device until you ask yourself these 10 questions. Frankly, some of these questions take a lot of effort, but security isn’t always easy. Check it out.

  • Was the company ever hacked? Google this to find out.
  • If so, did the company try to hide it from their customers?
  • Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a data-collecting device from a vendor that fails to explain data security and privacy.
  • Does the product have excellent customer support?
  • Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and very telling of the product’s security level.
  • Does the product have vulnerabilities that can make it easy for a hacker to get into? You’ll need to do a little digging for this information on industry and government websites.
  • Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
  • Does the product’s firmware also automatically update? If not, not good.
  • Is the Wi-Fi network that the device will be connected to secure? Ideally it should be WPA2 and have a virtual private network for encryption.
  • Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very leery.
  • What data does the device collect, and why?
  • Can data on the device traverse to another device?
  • Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
  • Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
  • Ask the manufacturer how the device lets you know its batteries are low.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com, discussing identity theft prevention.

Front Row Seats When Internet Doomsday Hits Egypt

Most of us would have no idea Egypt had pulled the plug on the Internet unless it was splashed all over the news. However, one company called iovation knew right away.

Just like that, the up to 1000 fraud checks they receive every hour out of Egypt dropped to zero. At first glance, one would think there was some type of meltdown, or maybe Egyptian scammers had all of a sudden decided to get jobs.

Normally, iovation would see thousands of queries from Egyptian customers interacting with businesses of all types, including social networks, online dating sites, online gaming sites, banks and retailers. Then at about 6:00 pm Eastern time, nothing.

“We’ve got a unique view of the Internet at iovation. Our service experiences the interaction of unique computers and mobile devices from every nation on earth, across a broad swath of Internet commerce,” says VP of Corporate Development, Jon Karl. “When we’re seeing Egypt’s Internet fall off a cliff, it’s at a more precise individual user level rather than just through aggregated online traffic. While transactions from Egypt represent a very small percentage of the queries to iovation’s service, it has a ripple effect that’s felt by a wide variety of our customers.”

NPR reports “Egypt has apparently done what many technologists thought was unthinkable for any country with a major Internet economy: It unplugged itself entirely from the Internet to try and silence dissent. Experts say it’s unlikely that what’s happened in Egypt could happen in the United States because the U.S. has numerous Internet providers and ways of connecting to the Internet. Coordinating a simultaneous shutdown would be a massive undertaking.”

And while experts say it is unlikely in the U.S., a bill is in fact being proposed to unplug the Internet. “Legislation granting the president internet-killing powers is to be re-introduced soon to a Senate committee, the proposal’s chief sponsor told Wired.com.” Scary stuff.

iovation is headquartered in Portland, Oregon, and has pioneered the use of device reputation to stop online fraud and abuse. The software-as-a-service used by online businesses assesses the risk of Internet transactions all over the world and recognizes whether a device such as a PC, tablet or smartphone has a history of fraudulent behavior. This helps organizations make educated decisions about whether they want to do business with the person using the device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses the possibility of an internet crash on Fox Boston.