  • Robert Narducci

The IoT or "It's Out There!"

I know, I know, you are saying to yourself, "Bob, IoT is the acronym for 'Internet of Things,' not 'It's Out There.'" Well, you would be correct on half of that assumption but not right on the other half. You see, the IoT is out there, and we all have a hand in it. By the billions, these devices are as ubiquitous as the air around us, and we use them in our everyday life without a second thought, unless, of course, they don't work! In fact, these devices are so prevalent that, according to Vailshery (2021), the number of devices will approach 31 billion by around 2025.


https://www.statista.com/statistics/1101442/iot-number-of-connected-devices-worldwide/#:~:text=IoT%20and%20non%2DIoT%20connections%20worldwide%202010%2D2025&text=The%20total%20installed%20base%20of,that%20are%20expected%20in%202021.

Now, this is where the rub is. All of those devices are connected to the Internet. A more significant number than we would ever care to admit are connected without any real thought regarding security or lack thereof. Whaaaaaaat? Security? What are you talking about? They connect, and everything is fine! Right!? Ummm, see below.


That's right! This very reason makes it the Wild Wild West and a hacker's dream come true. Devices are connected with nary a bit of security or with some security so weak as not even to pose a challenge to the hacker neophytes. So you may be asking yourself, security? Weak security? But how so? Well, Young Grasshopper, I will attempt to enlighten you on this.


Just as your computer has a user id and password, so do the devices connected to the Internet: your refrigerator, television, smartphone, washer and dryer, printer, PlayStation, Switch, and others. Get the picture? Everything is connected in some form or fashion, and this is happening at an exponential rate. Now, these devices come out of the box already configured with a user id and password, albeit a pretty weak one, something along the lines of admin/password or something equally vulnerable.

This is where the problem begins, as hackers out there will prey upon connected devices with weak authentication credentials. Once they can access the device, they can access the network that your device is connected to, and voila, they can get access to all of your personal stuff: pictures and passwords to other sites such as your bank, retirement account, or Prime. You have given them this access because you left the door unlocked, so they walked right in!


This brings us to what you can do to harden the security of your personal network and all of the devices connected to it. The first thing you would want to do is change the user id from the default value that came with the device to something more robust, but the biggest thing you will want to do is change the password from the default that the device came with. With that, I outline specific password creation guidelines, which, when followed, will help mitigate the possibility of a successful hacker attack. I want to add a caveat, though: no user id or password is foolproof, but they can be complex enough that the hacker gives up and moves on to something simpler.


1. Password should be at least eight characters in length.

2. Password should include one or more numeric digits.

3. Password should include a special character(s), such as $, %, #, etc.

4. Password should not use consecutive numbers or letters, such as 1234 or abcd.

5. Password should not be reused if it was used in any of the past three password changes.

6. Password should have no personal information of any kind, such as your name, address, telephone, birth date, social security number, license number, etc.

7. The password needs to be changed at least every 90 days or sooner if you are so inclined.
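The seven guidelines above can be checked mechanically. The following is an added example, not code from the original post; the function names, the four-character ascending-run rule for guideline 4, and the substring match for guideline 6 are assumptions made for illustration.

```python
from datetime import date

# Guideline numbers in the messages refer to the list above.
FACTORY_DEFAULTS = {"admin", "password"}  # the out-of-the-box example from the post
SEQ_LEN = 4        # assumption: flag ascending runs as long as "1234" / "abcd"
MAX_AGE_DAYS = 90

def has_sequence(pw, run=SEQ_LEN):
    """True if pw contains `run` ascending consecutive digits or letters."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        same_class = chunk.isascii() and (chunk.isdigit() or chunk.isalpha())
        if same_class and all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
    return False

def check_password(pw, personal=(), previous=()):
    """Return the list of violated guidelines; an empty list means pw passes.

    personal: strings such as a name or birth date (guideline 6).
    previous: earlier passwords, most recent first (guideline 5). Plain
              strings keep the example short; a real system compares hashes.
    """
    problems = []
    if pw.lower() in FACTORY_DEFAULTS:
        problems.append("factory default")
    if len(pw) < 8:
        problems.append("1: shorter than 8 characters")
    if not any(c.isdigit() for c in pw):
        problems.append("2: no digit")
    if not any(not c.isalnum() and not c.isspace() for c in pw):
        problems.append("3: no special character")
    if has_sequence(pw):
        problems.append("4: consecutive run")
    if pw in list(previous)[:3]:
        problems.append("5: reused")
    if any(len(p) >= 3 and p.lower() in pw.lower() for p in personal):
        problems.append("6: contains personal information")
    return problems

def rotation_due(last_changed, today):
    """Guideline 7: True once the password is more than 90 days old."""
    return (today - last_changed).days > MAX_AGE_DAYS
```

All sample passwords used to exercise this checker should be constructed throwaway values, never ones in real use.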


Keep in mind: the longer and more diverse the password is, the more difficult it will be to crack. To illustrate how complexity increases the amount of time it takes to crack a password, a seven-character alpha password can be cracked in .19 milliseconds, whereas a twelve-character alphanumeric password could take 8,800 years to crack. You can read further about password cracking times at the link below, and actually try it out yourself by entering different types of passwords to see the amount of time it would take to crack them.


https://www.betterbuys.com/estimating-password-cracking-times/


So remember, "It's Out There." All of your connected devices sit silent, lying in wait for the next network interloper to take them over. Go! Go now and change your user ids and passwords on all of them. Please do it now! Not later! Now! It is you and you alone who is responsible for your network and its security. Please don't assume that someone else will take care of it or that nothing will ever happen to you. If you think that, just read this article:

https://www.finance-monthly.com/2019/09/the-worst-and-weirdest-iot-hacks-of-all-times/.


Things can happen, and always at the most inopportune time. So take care of it now; you will be glad you did!

