I have been warning you about dangers in the rapidly expanding Internet of things for more than six years. The Internet of Things is made up of a broad range of devices connected to the Internet including home thermostats, security systems, medical devices, refrigerators, televisions, cars and toys. One of the most popular categories of Internet of Things devices is digital assistants, such as Alexa, Siri and Google Home. While they may be tremendously helpful and convenient, they also pose a major risk of being hacked and that risk has gotten worse during the Coronavirus pandemic.
Cybercriminals will hack into your devices that are a part of the Internet of Things to enable them to enlist your devices as a part of a botnet by which they can distribute malware while maintaining their anonymity. However a greater danger is that they also can hack into your Internet of Thing devices, such as your digital assistants to access your home computers to steal information for purposes of identity theft or to implant malware on your home computers. And making matters even worse, with so many of us working from home, cybercriminals are hacking digital assistants such as Alexa, Siri and Google Home as an entryway to your home network and then to your company’s computer network thereby placing both you and your company in danger of a wide variety of cyberattacks including ransomware. Recently, Amazon patched vulnerabilities in Alexa that made it a tempting target for hackers and while those particular vulnerabilities have been patched, all of the digital assistants remain vulnerable to attack in ways that make your home computer and your company’s computers vulnerable to attack, particularly if you do not take proper precautions.
Many of the devices that make up the Internet of Things come with preset passwords that can easily be discovered by hackers. Change your password as soon as you set up the product. Also, it is very important to set up a guest network on your router exclusively for your Internet of Things devices with perhaps its own separate network for your digital assistant. Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding. Make sure that you install the latest security patches as soon as they become available. Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information. Also, limit the amount of information you provide when setting up the accounts for smart toys and other Internet of Things devices. The less information out there, the less the risk of identity theft. Most devices allow you to select options that increase your security and privacy. Finally make sure your router is secure and use its whitelisting capabilities which will prevent your device from connecting to malicious networks.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”