Tag: online safety Page 2 of 3

IoT (Internet of Things)

“Augmenting the human experience with a connected world”[i]

“Oh! Sorry I didn’t see you sitting there. It’s my morning break here at work, so I was checking a few things at home. Making sure that I locked the front door and checking to see if we had eggs in the fridge. Looks good. And the dog’s behaving.

So, do you remember back in 2019 when IoT was new and security was sketchy? I figured I didn’t have a lot to lose by installing that smart front door lock. After all, it was nice for the door to unlock when I pulled into the driveway, and then have it auto-lock when I left for work. I could even unlock it for my daughter who dropped by unannounced from out of town. Nice.

At that time, some people weren’t comfortable with the level of cybersecurity in IoT, so they stayed away. Others…they did their homework and only went with devices that were designed from the ground up for security. Smart.”

What’s Involved?

IoT (Internet of Things): “the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.” So, many “smart” things are in this category: locks, thermostats, lights, alarms, toys, automobiles, garage doors, sprinklers, IP cameras, refrigerators, or your home DVR. Convenience and utility.

IoT can make your home more secure from burglars by automatically locking your front door when you leave. It can also alert you to someone at your front or back door, make your coffee, turn your lights on and off, etc. What’s not to like, right?

This transformational technology is growing geometrically and is poised for an explosion. IHS Markit (a London-based global information provider) predicts that by 2025 there will be 73 billion IoT devices installed[ii]. That’s more than 9 per person on earth! With all these devices connected to the Internet, the bad guys are constantly attempting to gain access in order to steal information and steal your stuff.

Are they secure?

With all these advantages, the question becomes: what is the risk of installing a smart device? It turns out that there is a lot NOT to like, IF you are not careful. Alas, most IoT manufacturers have no program for disclosing and reporting security issues. A December 2018 report explains that “90% Of Consumer IoT Vendors Don’t Let Researchers Report Vulnerabilities”[iii]. That could mean that if you are not technically inclined or are not willing to do the homework, you may want to wait until IoT technology is more mature and secure.

Here are some of the issues and possible consequences:

| Issue | Possible Consequence |
|---|---|
| No security updates | Device could be vulnerable |
| Weak credentials that can’t be changed | Device is vulnerable |
| A hacked IoT device | Allows access to your other accounts on your network, identity theft |
| Remote (unattended!) enablement of stoves, cookers, microwaves | Safety hazard |
| Self-driving car vulnerabilities | Theft, safety concern |

“As an example, an IoT thermostat very likely communicates to a cloud server to provide updates and to control the device remotely,” Jett [Justin Jett, director of audit and compliance for Plixer] says. “If the IoT security is robust, but the cloud security is significantly lacking, the entire system is vulnerable.”[iv]

What can you do?

For those who want to enjoy the benefits of current IoT tech, this may be a good time to do a little online research and get a smart lock for your front door or smart LED lights that turn on at sundown and can be controlled from anywhere in the world.

If you decide to take a step into the Internet of Things, remember that your smart device will be part of your local network. So, here’s what you should do.

  • Choose your IoT devices not just based on convenience, but also on security.
    • Smart locks are very convenient, and they are as secure as traditional locks IF well designed and supported.
    • Make sure the manufacturer is actively supporting the device.
    • Keep a “good ol’ fashion” key handy when the keyless remote entry fails.
  • Insist on strong security and check your devices’ configurations.
  • Keep your computer and smart phones updated; they usually share the same network at your home.
  • Install computer virus and malware protection.
  • Use multifactor authentication when possible.
  • Don’t use public Wi-Fi without VPN.
  • Only use known devices. E.g., if you don’t know where a USB thumb drive has been, leave it alone.

Here’s an excellent consumer guide for smart home devices, developed by the UK government.

The Future

California has enacted the first law covering IoT and this may drive future federal regulations. “The short IoT bill requires IoT manufacturers to equip devices with “reasonable” security measures, appropriate to the function of the devices and to the information they collect or transmit.”[v] The move is toward more security and accountability, which is good for the industry and for consumers…like you.

Spectrum IT

The IT Team at Spectrum works behind the scenes to ensure that your investment and personal information is kept safe and secure. We also strive to make sure that Spectrum’s other teams have access to the information they need, enabling them to make the best timely decisions possible for you.

[i] “The next chapter of IoT is just beginning as we see a shift from digitally enabling the physical to automating and augmenting the human experience with a connected world,” says Carrie MacGillivray, IDC. https://www.idc.com/getdoc.jsp?containerId=US44390618

[ii] IHS Markit, The top transformative technologies to watch this year, 2018 (PDF, 16 pp., no opt-in)

https://www.marketwatch.com/story/7-ways-to-keep-your-smart-home-from-being-hacked-2016-10-17

[iii] https://www.forbes.com/sites/daveywinder/2018/12/13/the-silence-of-the-brands-90-of-consumer-iot-vendors-dont-let-researchers-report-vulnerabilities/#4f60977d9c88

[iv] https://www.scmagazine.com/home/security-news/lightly-secured-cloud-with-a-chance-of-iot-attacks/

[v] https://www.scmagazine.com/home/opinions/californias-new-iot-security-law-is-not-nearly-enough-we-need-a-gdpr-for-iotnow/

When you’re away, do your apps play?

Would it make you uncomfortable if your children or your neighbor grabbed your smart phone and started looking around?  Probably not, but what about a complete stranger?  This is often what happens when you download an app from app stores without doing some due diligence.  Many apps ask you to open doors they have no business accessing.  This can open up your phone to more than just an app you thought you could trust.

Official app Stores vs. third party app stores

Apple® AppStore and Google Play™ are the two biggest official app stores. You can go there to download mobile applications for your iPhone or Android device.

Are they safe?  Apps in the official app stores usually follow strict development criteria. The official stores also test the applications for malware.  This is the safest place to get apps.

Third-party app stores may not use the same level of scrutiny toward the apps they allow to be listed in their app stores. Third-party app stores might offer plenty of safe applications. But there’s also a higher chance they might offer dangerous ones.  Third-party app stores should be avoided as much as possible.

Certain categories of applications were also more likely to contain malware.  Arranged by likelihood:

  1. Lifestyle apps
  2. Music and Audio
  3. Books and Reference
  4. Entertainment
  5. Tools

Grayware apps

Many apps contain grayware.  This is a term used to classify apps that behave in an undesirable manner but are not classified as malware.  A common type of grayware is mobile adware, which puts popup ads in your phone’s notification bar.

Symantec reported a 20% increase in grayware application variants recently, for a total of 3,655 types.  Norton research shows that more than 60% of Android apps contain adware or other grayware.  Of these:

  • 63% were found to have leaked the device’s phone number
  • 37% leaked device location
  • 35% leaked installed application information

There are security apps such as Norton Mobile and Trend Micro Mobile Security that can protect your phone from malware and annoying grayware, but perhaps the best thing to do is understand what happens when you install a new app.  Many potentially unwanted app behaviors are written on purpose and documented in the app’s user agreement.  Reading app disclosures and agreements before installing is the best practice.

When an app first installs, it asks you for permissions.  To combat grayware, you should question what an app really needs permission to do.

Does your new weather app really need permissions to access your contacts and calendars?  Often when prompted for access you should just say no.

Permission to Do What?

There are hundreds of types of permissions, and many apps ask for more permissions than they need.  Most people don’t know what they mean. They just enable everything.  This is a bad practice.  You should disable everything unless you know why the app needs it.  The more restricted you keep your apps the safer your data will be.  Here’s a list of a few of the most common permissions:

  • Storage: modify/delete storage contents – apps that store pictures and video will require this.
  • Network communication: full access – many apps need to access the internet; this often relates to ads as well.
  • Your location: network-based – weather and travel apps, free games, often contain ads so they can deliver targeted ads based on your location.
  • System tools: prevent device from sleeping – usually means that when you’re using the app, it will keep your phone from going to sleep or from entering into a reduced power mode.
  • Your personal information: read contact data – most social media or messaging apps will request access to your contact information.
  • Root: super user access – When an app asks for root access you should seriously consider whether it needs super user access.  Firewalls and backup apps often require root access.  Most apps don’t.

Android vs. iOS: which is safer?

There are millions of apps available for download.  There are twice as many apps on the Google Play store than on the Apple® AppStore.  The number alone at Google Play makes it a more dangerous place to find apps.  If the app is available for iPhone and Android there is a higher probability that it is safer, but no guarantee.

There’s no doubt Android is a bit more of a risk than iOS, but, with the right precautions, it can still be a safe platform. If you must install apps from anywhere on an Android phone, at least do everything you can to ensure they’re safe before you let them loose on your contacts, messages and social media accounts. Install a scanning app such as Norton Mobile Security or Google Play Protect and use it wisely on new downloads to prevent any malicious activity.

What about Jailbreaking my phone?

Sometimes an app developer does not play by the rules and the only way to get the app to the public is to recommend jailbreaking your phone.  Jailbreaking your device frees the OS to run unapproved applications.  The process of jailbreaking is legal but it’s not a good practice.   Jailbreaking allows unapproved code, voids your warranty, and can cause stability and security concerns.

Also, if your company issues you a work phone this would generally be prohibited.  Most companies have policies for what you can do with their phone when using it for work.  Unless you’re a tech guru and the risk is worth the reward, jailbreaking is a bad idea.  I refuse to do this on my personal devices.

Is this app Secure?

Apple® AppStore has made it mandatory for all developers to require that new apps use a secure connection such as https.  The Android developer platform has also just finalized this process in 2018.  Still, older grandfathered apps exist on app stores that were originally approved using unsecure http.  So, check the reviews, and check the date of the last review.  If it’s 3 years old, perhaps it’s time to look for a better solution.  Also, it is a good practice to update your apps anytime there is a security update.  A trendy app is no longer great if your connection to their server is compromised on public Wi-Fi.  So, stick to the official app stores and update your apps often.
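For readers who want to check the permission list and the http/https point above for themselves, here is an added example (not part of the original article). It assumes an Android app's AndroidManifest.xml has already been decoded to text; the weather-app manifest and the "expected" permission baseline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline: what a reviewer would expect each app category to request.
EXPECTED = {
    "weather": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
}

# Constructed sample manifest for a hypothetical weather app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALENDAR"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:usesCleartextTraffic="true"/>
</manifest>
"""


def audit_manifest(manifest_xml, category):
    """Return (unexpected_permissions, cleartext_allowed) for a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested.discard(None)
    # Anything outside the category baseline is a permission to question.
    unexpected = sorted(requested - EXPECTED.get(category, set()))
    app = root.find("application")
    # Explicit opt-in to plain http; an absent attribute is reported as False here.
    cleartext = (
        app is not None
        and app.get(ANDROID_NS + "usesCleartextTraffic") == "true"
    )
    return unexpected, cleartext


if __name__ == "__main__":
    extra, cleartext = audit_manifest(SAMPLE_MANIFEST, "weather")
    for perm in extra:
        print("question this permission:", perm)
    print("allows unencrypted http:", cleartext)
```

On the sample, the contacts, calendar and wake-lock permissions are flagged for a weather app, and the manifest is reported as allowing unencrypted http.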

Does Spectrum Financial have an app?

I’m glad you asked!  Now would be a great time to download the Spectrum Access app, available at both the Apple® AppStore and Google Play™. It’s a secure way for our clients to view:

  • Aggregation of all household accounts
  • Account Activity, holdings, and balances
  • Performance Summary
  • Quarterly Statements
  • General tax and beneficiary reports
  • Invoices


Spectrum Financial, Inc 2023