I recently read an article discussing how our home devices are now a more public target for attackers. All the smart devices in our home are "smart" because they are nothing more than small embedded devices that typically run some variant of Linux. Therefore, any attack against Linux means an attack against your toaster, home security system, HVAC controllers, and yes, your refrigerator and television. In fact, just this morning, my audio receiver notified me of a firmware upgrade that was downloaded from the Internet and installed. Do I now have to start doing regular patch management at my house and running vulnerability scanners to understand my exposure? Arghhh.
You may be wondering what you can do to protect yourself.
- Don't hook your devices up to the Internet if you don't need to.
- Segment your network. (I know this sounds funny, but I do this at my house.) My computers are on one network, and my devices are on another. (FYI: AirPlay does not work in this scenario because it will not traverse LANs.)
- Make sure you stay up to date on your devices' firmware.
- Don't buy "smart" devices? Stick to the good old-fashioned analog versions. (Do I really need a scale to connect to my WiFi? Yeah, that's pretty cool.)

What I would like to see is a UL-type certification for our smart devices focused on the security of the device and its impact on our privacy. After all, someone knows my weight, house temperature, and what I am currently watching, and it's not even the NSA!