Secure your devices
Te whakamahi i te Whatunga Pūrere Tūhono

Use the Internet of Things securely

The Internet of Things – or any smart device that connects to the internet – should be set up with the same protection you use for your phone or computer.

What it is

The Internet of Things (IoT) is just another name for smart devices – anything that has built-in technology that means it can connect to the internet. For example:

  • home security systems and camera
  • smart watches
  • voice controlled speakers
  • some universal remotes.

How it works

Smart devices can connect to the internet, gather information and exchange data with other devices.

IoT devices either have a wireless chip that allows them to connect to WiFi, or they connect to your router via a cable. They collect data from their sensors, and use software to determine what to do next. In most cases, the IoT device will:

  • connect to a central server, usually owned by the company who makes the device, to get more information
  • compare and send data to other public websites and servers to collect information
  • connect to a messaging server so it can email, text, or call you
  • connect to other IoT devices on the same WiFi to tell them to do something.

For example, a smart refrigerator can scan the barcodes of any food items stored in it. It can then take this information and look it up on the internet to see when the items will spoil. Once it has this information it can send you email reminders to use the food before its expiry date.

Smart devices may contain:

  • software that will need to be updated
  • a wireless chip that can connect to your WiFi
  • a microphone for voice commands
  • a camera for recording or enabling movement commands
  • a near field communication (NFC) chip to detect nearby cards, phones, or other devices
  • Bluetooth to connect to nearby devices
  • other sensors that detect motion, speed, humidity, health metrics, or other data.

The risks

Most IoT risks are to do with privacy and security. IoT devices, such as smart speakers and televisions, are like mini computers. They may contain vulnerabilities that allow attackers to:

  • get personal information, such as usernames and passwords
  • access banks and online shopping accounts
  • gain control of devices to scare or manipulate users.

Not knowing what information is being collected

A smart speaker with voice activation is always listening, ready for you to ask it to do something. Most of the time, you can't tell what information is being recorded, and where those recordings are being sent. Sensory data, voice or video recordings, and personal information collected by smart devices can be leaked or stolen.

Software that loses support

IoT devices can fall out of support quickly, particularly less well-known ones. This means the device doesn’t get updated when the developer finds a problem. It could leave you with a smart device that is vulnerable to attack.

Insecure device configuration

WiFi and IoT devices may be configured so people on the internet can send them commands, instead of only the person who owns the device. This means an attacker could alter your IoT device and use it to attack others or to scare you. This is also called a bot or botnet.

Unauthorised access

How to protect yourself

  • Decide if you really need the “smart” features

    If you don’t need the features that use the internet, disable them. A smart refrigerator should still be able to keep your food cold, even if it can’t connect to the internet!

  • Keep software updated

    Updates don't only bring new features and improvements, they also fix vulnerabilities that can be exploited by attackers. Most smart devices have settings that enable updates to take place automatically.

    If the vendor no longer provides updates, you should consider getting a new device or disabling the smart features.

    Keep up with your updates

  • Change the default password

    In the excitement of unboxing a shiny new , it’s easy to forget that it comes with a default password that might be easily found on the internet. Change the default password to one that is unique and long, and store it in your password manager if you have one.

    How to create good passwords

  • Put the devices on a separate WiFi network

    Most WiFi routers can provide a 'guest' network that can be used to keep your laptop and mobile phone away from other devices you can’t control. Keeping your IoT devices on this guest network prevents them from communicating with your important devices.

    Secure your home network

  • Search for security reviews before purchasing

    Most popular IoT devices have been reviewed by security professionals. You may also find that an IoT device you're about to buy just had a massive security issue. Doing a quick search before you buy can save you a lot of future stress.

Get help

If you’ve experienced an online security issue, your first step is to contact the service provider.

You can also report an online issue or security incident to us at CERT NZ.

Get help now