FBI warning on Internet of Things security risks

The FBI has issued a warning in relation to the security risks that Internet of Things devices pose to consumers.

According to the FBI, the main security risks associated with Internet of Things devices are:

  • an exploitation of the Universal Plug and Play protocol (UPnP) – the process when a device remotely connects and communicates on a network automatically without authentication – to gain access to Internet of Things devices,
  • an exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information,
  • overloading the devices to render the Internet of Things devices inoperable, and
  • interfering with business transactions.

The FBI offers tips on how consumers and businesses can protect themselves, for example:

  • isolate Internet of Things devices on their own protected networks,
  • disable UPnP on routers,
  • purchase Internet of Things devices from manufacturers with a track record of providing secure devices,
  • regularly updating Internet of Things devices with security patches,
  • if a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it operate on a home network with a secured Wi-Fi router, and
  • ensure all default passwords are changed to strong passwords.  Do not use the default password determined by the device manufacturer.  Many default passwords can be easily located on the internet.

Link: FBI announcement