IoT Remote Access & Security
With more and more IoT devices being introduced every day, it's important that you pay close attention to device security, including firmware/software updates, network connections, password management and remote access.
IoT stands for the "Internet of Things." IoT devices include just about anything that connects to the network or Internet. This includes networking devices like routers and firewalls and smart home products like smart hubs, WiFi smart devices, IP security cameras, NVRs (video recorders), security alarm systems, voice assistants, and more.
In particular, we want to draw attention to the practice of "opening ports" or "port forwarding," which directly exposes devices to the Internet. That may make them convenient, but it may also make them attractive targets for remote hacking and malware campaigns.
When you're away from home, you undoubtedly want to check in on security cameras, security systems, door locks and other smart home devices. Doing so is convenient, can help increase security and provide peace of mind. However, you need to be careful how you provide remote access.
There are essentially three ways to provide access to your devices remotely: Port Forwarding, VPN connection and cloud or P2P style connections.
PORT FORWARDING involves making a "rule" in your Internet router or modem that directly maps a "port" to your network-connected device on your internal network.
What's a port? Using the analogy of an apartment building, the building address would be the Internet address of your house, and the apartment number would be the port. Port 80 is the port for web browsing. Port 443 is the port for secure web browsing, and so on.
Port forwarding directly exposes your device to the Internet, meaning that anyone can connect to your device from anywhere in the world. If they guess your password, they can access your device. Bad people can then use brute force password guessing bots, known back doors, or security holes in your devices to gain access or take control of your device.
A VPN, or Virtual Private Network, establishes a secure and encrypted connection from one Internet location to another. VPN connections used to be for connecting remote office networks, but these days they're also used to provide secure remote access for home workers or to shield connections from prying eyes. It takes much more tech-savvy to set up a remote VPN connection to your home or office, but as long as the VPN connection is set up correctly, it's a secure way to access your home or work network remotely, just like you were there. It can also be set only to allow access to specific devices or resources.
CLOUD P2P is a method of remote access used by most new devices. Smart hubs, security cameras, NVRs, WiFi switches and voice assistants use cloud P2P (peer-to-peer) technology. With this type of remote access, you register an account with the cloud provider, add your device by some sort of ID or QR code, and you're up and running quickly. It's by far the easiest way to set up remote access, and people outside your home or work won't have direct access to your devices since you aren't opening up Internet ports.
The way it works is that your smart device "calls out" to connect to the cloud service, so you don't need to connect to your home network over the Internet. Instead, you connect to the cloud service with your username and password. Make sure to use a strong and unique password on cloud accounts and turn on multi-factor authentication where available. Good cloud services will also send alerts when a new login is detected from different locations or devices.
It's critical to choose a strong and unique password for any device, account, or login. It's tempting to re-use the same password for convenience, but if someone figures out your password, you've given them the keys to multiple places.
Choose a long and random password with a mix of upper and lower case letters, numbers and symbols. Avoid things people can easily guess like family names, birth dates, things you post on Facebook, etc. You should also think about those security challenge questions and answers. If you are constantly posting about your kids, school and vacation plans or favourite movies, then those are probably not good choices for security challenge questions, right?
MFA or 2FA
2FA (Two-Factor Authentication) or MFA (Multi-Factor Authentication) is another way to provide an extra layer of security. The idea is that instead of relying only on a password, you need to provide some other form of identification. It could be that the system sends you a text message to your cell phone with a time-limited code that you have to enter, or you might receive a code by email. In some cases, you may use an "authenticator" app on your smartphone that produces a code that changes every minute. So this way, even if someone gets your password, they will still need to take this extra step before accessing your device or account.
Firmware is the code that runs your device. Sort of like Windows or Linux is to a computer. In fact, many smart home devices are running a version of Linux. We know it's important to update Windows to take advantage of new features and plug gaping security holes, right? Well, the firmware running your home's router, security camera, or NVR should also be kept up-to-date to fix security issues.
This one is a bit of a touchy subject because just like updating Windows can cause problems, updating firmware can "brick" or render useless an IoT device. So you need to be careful to make sure you get the correct firmware for your device, that you understand how to perform the upgrade, and make sure you keep the device connected and powered up while updating. Never interrupt the process!
When in doubt, seek out a pro. We don't offer firmware update support, and unfortunately, many manufacturers will not warranty a device that has broken due to a firmware update gone wrong.
Until now, we've discussed remote access, but local network access is also a consideration. If your home network is only used by yourself, this might not be an issue. But if you share your network with other people, invite guests onto your network, or in the case of a business network, you should consider which devices are available to others. You may want to put guest users on a guest network that doesn't let them access important devices. You may also consider using a VLAN to control who can access certain devices.
The intent of this article is not to scare you away from using the Internet, remote access or security devices, but rather, to educate and provide some food for thought. We still go out in the rain, but we might use an umbrella or wear a raincoat. We don't stop using computers, but we should definitely keep them updated and secure. By the same logic, you should consider how you're using IoT devices and what access you're providing to them.
Disclaimer: This article discusses some considerations, but it is far from an exhaustive security guide, nor should it be construed as professional advice. Rather, we recommend users engage with an IT or smart home security professional.