LG, the Korean tech corporation, recently announced at CES that they intended to put wireless access aka WiFi in every one of their new 2017 devices. One such smart device that is slated to hit homes this year is the LG Smart Instaview Refrigerator. With this great innovation, you can tap the 29” screen to see what is inside of your fridge instead of opening the handle and “wasting electricity.” WiFi is used to power Amazon’s Alexa, which will be inside your. While this may seem like a great step towards an interconnected world with smart cities and homes, we should take a step back and consider the security and privacy implications of sticking IP cameras, or other Internet of Things (IoT) devices on your network.
Some companies just don’t care about WiFi security
Just last week, the United States Federal Trade Commission (FTC) filed a suit against popular network device company D-Link. The FTC is filing suit because those at D-Link “repeatedly have failed to take reasonable steps to protect their routers and [Internet Protocol] cameras from widely known and reasonably foreseeable risks of unauthorized access.”
From D-Link’s end, William Brown, their chief security officer has denied the FCC’s claims. He stated:
“D-Link denies the allegations outlined in the complaint and is taking steps to defend the action.”
Even if D-Link provides acceptable security to its users, many vulnerable devices are still around. One researcher, Robert Stephens, found that his device (a webcam) was hacked within 98 seconds of being exposed to the big, bad, world, wide web. That webcam, a JideTech 720p wireless security camera, was bought by the security researcher and many more unsuspecting botnet participants from none other than Amazon – though the item is no longer listed as available. Such webcams and other IoT devices have been used in Mirai botnets for massive DDOS attacks on network infrastructure.
Remember that WiFi security is ultimately the end user’s responsibility
If you have an internet connected device, you can’t trust the provider, you’ll have to ensure your own device security. Additionally, don’t buy used IoT devices, as those can have their own unique but obvious security issues. This is just like the days of wireless when everyone had open, unprotected, unencrypted wireless networks and you could just as easily use your neighbor’s wireless as your own. IoT security is important because once a malicious attacker has control of one device on your network, they are positioned to attack your other devices.