While in some cases, internet connected devices such as Ring cameras (and other WiFi connected cameras), smart thermostats, and streaming devices like Chromecast and Firestick have been hacked due to vulnerabilities associated with the device in question, most of the time an attacker gains access to these devices via unauthorized access to the users account. Users of internet connected devices typically reuse their account credentials on multiple devices and services. This significantly increases the likelihood of an attacker being able to access your account. In the case of Ring devices, all an attacker needs to do is find a target who has had their credentials listed in a data breach, use the victims leaked credentials to log into their Ring account, and then they can access the victims Ring device.
Luckily for us, it’s pretty easy to safeguard your devices against these types of attacks. Doing the following will significantly make it harder for an attacker to access your internet connected device:
- Enable Two Factor Authentication (2FA) – This serves as an additional safeguard which prevents an attacker from accessing your device or account even if they have your password by forcing the attacker to prove that they are in fact the account holder by providing an additional security code, bio-metric data, token, etc…
- Avoid password reuse – When data breaches occur, compromised credentials are sold or are listed for the public to see. By avoiding password reuse, you significantly lessen your chances of having your account accessed by a malicious individual as they’d need to know every password you have to log into every account you own which is easier said than done if you use a strong and unique password for each account/service.
- Change your devices default password – Many internet connected devices have a default password which is used to initially set the device up. These password are widely known and are publicly listed. The purpose of the default password is to make it easy for device owners to setup their device and or to provide them with an easy way to access the device if it’s restored to it’s factory settings. Because of those reasons, the default password is not complex by design. This means that device owners need to update the default password of their device after it is set up to avoid hackers from simply accessing the device with the default credentials.
You can significantly improve the security of your internet connected devices by following the above three steps. Have any questions about internet connected devices (often referred to as IoT or Internet of Things devices)? Contact us and we’ll be glad to answer your questions.