{"id":26863,"date":"2019-02-21T06:00:35","date_gmt":"2019-02-21T13:00:35","guid":{"rendered":"https://www.webroot.com/blog/?p=26863"},"modified":"2019-03-22T16:01:53","modified_gmt":"2019-03-22T22:01:53","slug":"avoid-unsecure-iot-smart-device-shopping-tips","status":"publish","type":"post","link":"https://www.webroot.com/blog/2019\/02\/21\/avoid-unsecure-iot-smart-device-shopping-tips\/","title":{"rendered":"Avoid Unsecure IoT: Smart Device Shopping Tips"},"content":{"rendered":"\n<p>\u201cInternet of things\u201d (IoT) is a term that\u2019s becoming increasingly\ncommonplace in our daily lives. Internet-connected devices are being designed\nand implemented at a rapid clip, especially in our own homes. The internet is\nnot just at our fingertips anymore, but also at our beck and call with smart\nspeakers and digital assistants. <\/p>\n\n\n\n<p>It\u2019s easy to see why we are drawn to these cool new devices.\nThey promise to make our lives easier and the convenience associated with some\nof these devices is undeniable. <\/p>\n\n\n\n<p>But at what point are we sacrificing security for\nconvenience? <\/p>\n\n\n\n<h2>A Brave New World of IoT Devices<\/h2>\n\n\n\n<p>Internet-connected doorbells can beam a video feed to your phone so you can see who is at your door before deciding whether or not to open it. A smart refrigerator will alert you when supplies are running low or approaching expiration while you shop at the grocery store. Smart thermostats boost efficiency and deliver monthly savings on utilities. These functions have obvious appeal for consumers. <\/p>\n\n\n\n<p>However, some devices on the market stretch their advertised\nutility and convenience. Smart salt shakers, for instance, deliver\nvoice-controlled sodium so you can avoid the hassle of salting your food the\nold fashioned way. Smart <a href=\"https:\/\/youtu.be\/zxyJmuMu2Qw\">toaster<\/a>s will burn the date and weather into your bread, lest\nyou forget an umbrella <em>and <\/em>what day\nit is. 
But with each new \u201cconvenience\u201d promised by smart devices comes the\ndanger of ceding some of your security. <\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"556\" src=\"https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2019\/02\/22160146\/iot-toaster-1024x556-1024x556.png\" alt=\"\" class=\"wp-image-27467\" srcset=\"https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2019\/02\/22160146\/iot-toaster-1024x556.png 1024w, https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2019\/02\/22160146\/iot-toaster-1024x556-300x163.png 300w, https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2019\/02\/22160146\/iot-toaster-1024x556-768x417.png 768w, https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2019\/02\/22160146\/iot-toaster-1024x556-737x400.png 737w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><em>Image source: Screenshot from <\/em><a href=\"https:\/\/www.youtube.com\/watch?v=cxFnf-LR-Ps\">Toasteroid YouTube<\/a>.<\/p>\n\n\n\n<p>The underlying issue with the new and accelerating trend of\nbuying more and more IoT devices is that the average consumer has little to no education\nabout security when shopping for these devices. Even manufacturers can be blind\nto or willfully negligent of the <a href=\"https:\/\/threatpost.com\/at-ces-focus-is-on-cool-factor-not-iot-security\/140767\/\">security\nissues inherent to their IoT devices<\/a>. It\u2019s all about coolness and convenience\u2014and\nthat\u2019s the trap.<\/p>\n\n\n\n<h2>Be wary of Unsecure IoT<\/h2>\n\n\n\n<p>Many IoT devices have little to no embedded security, and there\u2019s\nlittle incentive for designers to consider it. One reason for that is a lack of\nthird-party standards for evaluating IoT security. Until now, the focus has\nbeen on producing a viable product that\u2019s functional enough to get consumers to\npurchase it at the right price. 
The \u201cright price\u201d is usually as inexpensive as\npossible, and so some quality is sacrificed. <\/p>\n\n\n\n<p>With IoT devices, that sacrifice usually comes at the\nexpense of security vetting in the design process. As a result, one of the\nbiggest trends we see with cheap IoT devices is a complete and total lack of\nsecurity. It\u2019s just not something that stands out in marketing materials, so\nmanufacturers don\u2019t promise it and consumers don\u2019t demand it. <\/p>\n\n\n\n<p>That\u2019s why care is required when shopping for new IoT\ndevices\u2014especially cheap ones. IoT device categories like smart thermostats, smart\ndoorbells, et cetera, usually feature competing products with varying functionality\nand prices. It\u2019s common to peruse the fanciest, most expensive devices, and\nthen purchase an off-brand device that offers similar functionality at a much\nlower price.<\/p>\n\n\n\n<p>Vendors have flooded the IoT market with devices that have&nbsp;so-called \u201chardcoded passwords.\u201d This means that, when setting up your device, the password given to you in the instructions is the same password for every device of that model and can\u2019t be changed. Even if the device allows you to set up a custom password, the hardcoded password will still work to log in to the device. <\/p>\n\n\n\n<p>This is basically the opposite of security. It served as the principal attack vector for the infamous <a href=\"https:\/\/www.webroot.com\/blog\/2016\/10\/10\/source-code-mirai-iot-malware-released\/\">Mirai botnet<\/a> attack a couple of years ago. It\u2019s also how hundreds of thousands of routers have been <a href=\"https:\/\/www.forbes.com\/sites\/leemathews\/2018\/08\/03\/200000-routers-turned-into-mindless-crypto-coin-mining-zombies\/#556779d25e8d\">hacked<\/a> to mine cryptocurrency. 
Even premium IoT devices like Google\u2019s Nest are subject to <a href=\"https:\/\/fox4kc.com\/2018\/10\/31\/family-traumatized-after-home-monitoring-system-hacked-by-stranger\/\">attacks<\/a>, but when properly set up and used\u2014for example, by setting up two-factor authentication and not reusing compromised credentials\u2014they tend to be safer than their knock-off counterparts. <\/p>\n\n\n\n<p>It\u2019s clear now that internet-connected devices will be a\npart of our lives for the foreseeable future. They will help run our cities,\npower our grids, and yes, manage our homes. But we must be aware of what we are\nconnecting in our home and the security of each device. Vendor regulation will\nalso need to play its part, something already underway in <a href=\"https:\/\/www.bbc.com\/news\/technology-45757528\">California<\/a>, but there\nis plenty more ground to cover and no time to wait. For now, it\u2019s on the\nconsumer to scrutinize the IoT products they bring into their home, and\nsecurity should be high on their checklist. <\/p>\n\n\n\n<p>Make sure that any internet-connected devices you buy allow\nyou to create custom passwords, as a start. It\u2019s also wise to only shop from\nreputable vendors.<\/p>\n\n\n\n<p>Taking caution will help ensure that your smart home isn\u2019t an easy target for cybercriminals.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cInternet of things\u201d (IoT) is a term that\u2019s becoming increasingly commonplace in our daily lives. Internet-connected devices are being designed and implemented at a rapid clip, especially in our own homes. The internet is not just at our fingertips anymore, but also at our beck and call with smart speakers and digital assistants. 
It\u2019s easy [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":27273,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2985],"tags":[],"yst_prominent_words":[23327,13347,3615,3517,5405,24023,3489,23955,21065,5459,6371,13351,4933,5797,24025,23953,3479,8015,5463,23951],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26863"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=26863"}],"version-history":[{"count":4,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26863\/revisions"}],"predecessor-version":[{"id":27469,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26863\/revisions\/27469"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/27273"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=26863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=26863"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=26863"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=26863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}