The Futurum Group's Statement on Israel

Educating Customers About Home IoT Network Security

Telecommunications Companies Can Elevate Their Role from Vendor to Trusted Advisor

The News:

The advent of smart hubs, wireless routers, and a plethora of consumer-grade internet-controllable devices has created a dangerous situation for both customers and telecommunications companies. Many of the Internet of Things (IoT) devices connected to home networks are equipped with little or no network security controls, leaving the users, their home networks, and even the broader internet community vulnerable to attack. Identifying the types of devices and security protocols that are particularly vulnerable, telecommunications providers can educate their customers on these dangers, strengthen the security around their network endpoints, and even generate incremental revenue through the sale of network-safe devices. Most importantly, they can improve their users’ overall customer experience, and elevate their role from vendor to trusted advisor.

Educating Customers About Home IoT Network Security

Analyst Take:

Most IoT devices shipped from the factory are inherently vulnerable to attack, and as a greater number of novelty devices include IoT connectivity, consumers must take the proper steps to secure these devices and their networks, to protect themselves and other users from malware, viruses, and other security intrusions.

Indeed, hackers can utilize techniques known as sniffing and encryption cracking to intrude into a home network. With sniffing, hackers hijack any packet of data transmitted between an IoT device and a router, transfer it onto their device, and use brute force to decipher it, often in only seconds or minutes. This can lead to hackers remotely controlling smart lights and thermostats, smart TVs, and other appliances, unlocking IoT-enabled exterior doors and garage doors, and remotely turning on and accessing video from smart cameras. Further, if these IoT devices are connected to the same internal home network as laptops or computers, it may be possible to intercept and steal sensitive data, such as personal data, financial information, and anything else stored on the network if secondary security measures have not been deployed.

Personal Data Can Be at Risk on Home IoT Networks

Data that is stored on devices connected to an unsecured or vulnerable home IoT network can be at risk of being stolen, and then used for identity theft and fraudulent transactions. In addition, smart devices that contain personal data, including seemingly innocuous devices such as servers containing music or photos, can also contain data that provides a physical trail of users’ whereabouts, thanks to geolocation data and purchasing data. Savvy hackers can identify behavior patterns or correlate this data with other personal information to create a virtual profile of an individual, which may leave the user vulnerable to not only digital crimes, but physical ones as well (such as ascertaining when the user is away from home, leaving them vulnerable to a burglary).

Relinquishing Device Control to Hackers

Smart devices without the adequate security controls enabled can also be hijacked, surrendering control to an attacker, letting them manipulate the device and spoof the communication between two ends, which could also result in control over the entire home network. In addition to nuisance issues (such as turning up a thermostat too high), an attacker could unlock connected doors, shut off security cameras, or even potentially disable connected alarms.

Identifying the Risks with Connected Devices and Unsecured Networks

Two major flaws in connected homes make them susceptible to these attacks, including weak IoT-enabled devices and unsecured and vulnerable local networks. Smart home devices can be particularly vulnerable to attacks because they are special-purpose devices, and many of these vendors fail to provide the required special-purpose security solutions. In addition, these devices often use operating systems such as INTEGRITY, Contiki, FreeRTOS, and VxWorks, whose security solutions are neither as robust as those of Windows or Linux-based systems, nor can security defenses be updated to manage the evolving cyberattack techniques and tools.

Similarly, many users implement local home networks without implementation of the proper security protocols. Wi-Fi networks can be vulnerable to attack due to the use of default or weak SSIDs, the use of default or simple passwords, and weak encryption protocols. Failing to update credentials from the default settings is the digital equivalent of leaving a home’s front door wide open with a sign that says, “Help yourself to everything inside.”

Whenever possible, users should use Wi-Fi Protected Access (WPA) security protocol, or WPA2, the second-generation of the protocol, to connect devices to the router. WPA and WPA 2 are more secure than the weaker Wired Equivalent Privacy (WEP) protocol often set as the default protocol on many devices. If the devices a user wants to connect do not support WPA or WPA2, they should not be used, or should only be connected to a wireless network that is not linked to a network that is connected to IoT-connected computers, doors, lights, thermostats, or appliances.

Users should also enable two-factor authentication, where a device requires an additional verification via a mobile or authenticator app, which significantly reduces the ability of hackers to manipulate devices. Firewalls can be used to segment non-critical IoT devices from critical ones, and let the user manage the security level of individual connected devices. Firewalls can also be configured to send notifications to the host when any anomalies in the network or devices are detected.

Finally, it is important to periodically check and update the firmware of routers and IoT devices to ensure the latest security protocols are active.

Telecommunications Service Providers Should Take the Lead with IoT Device Education

As telecommunications providers often provide the hubs or routers used to connect these devices in the home, they are in a unique position to serve as a trusted authority on IoT home security. They can provide education around the devices to watch out for (largely novelty items such as string lights, or inexpensive gadgets or appliances that do not include on-device security protocols).

Telecommunications companies can also provide explainer tutorials on how to set up and configure their home networks to be as secure as possible, and should also provide a way for customers to easily get help from a virtual assistant or live technical support representative if they have an issue or additional questions. Finally, communications services companies can potentially add incremental revenue through the sale of vetted IoT devices that employ the proper security controls.

These final two steps are opportunities to not only help secure the homeowner’s network (and prevent intrusions that could, in theory, help spread malware and viruses around the web as a whole), but also improve engagement with customers and demonstrate that the telecommunications provider is a trusted advisor and resource.

Author Information

Keith has over 25 years of experience in research, marketing, and consulting-based fields.

He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.

In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.

He is a member of the Association of Independent Information Professionals (AIIP).

Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.

SHARE:

Latest Insights:

The New AI Ready Training Commitment Comes as Amazon Is Expanding the Worker Upskilling Efforts That It Began in 2019
Todd R. Weiss, Senior Analyst with The Futurum Group, shares his insights about the move by Amazon to provide free AI skills training to 2 million workers by 2025 as the company broadens previous worker upskilling programs that it started in 2019.
Bolster Business Resilience with AWS’s Automated Disaster Recovery Solutions
Krista Macomber, Senior Analyst at The Futurum Group, shares her insights on the addition of automated restore testing for AWS Backup and disaster recovery (DR) validations for AWS DRS.
Hammerspace and Vcinity Announce Partnership to Accelerate Data Movement
Mitch Lewis, Research Analyst at The Futurum Group, shares his insights on a joint solution from Hammerspace and Vcinity that was on display at SC23.

Latest Research:

In our latest Research Brief, Acknowledging the Impact of Agent Experience on Customer Experience, completed in partnership with Local Measure, we discuss the drivers of agent frustration and burnout, the benefits of implementation new technology such as AI to better support agents and enable greater automation, and the advantages provided by the use of a modern, cloud-based contact center solution that can integrate and activate technology that creates better experiences and outcomes for both agents and customers.
In our latest Research Brief, Driving Revenue, Customer Loyalty, and Retention via a Modern Contact Center, completed in partnership with Local Measure, we discuss the reasons why so many contact centers fail to deliver results, the need to support a modern customer journey and lifecycle, the use of modern tools and approaches to deliver CX efficiently, and how to convert positive agent experiences into increased customer satisfaction and loyalty.
In our latest Market Insight Report, Private 5G Networks – MSP Specialists, we take a deep dive into why private 5G Networks are gaining momentum as enterprises prioritize coverage, performance, and security factors that MSP specialists are increasingly fulfilling.