Blog: Consumer Advice
Consumer advice for buying smart IoT devices this Christmas
Rightly or wrongly there’s plenty of fear, uncertainty, and downright doom associated with the IoT and devices.
So, is it safe to buy these things as gifts or even as a treat for yourself this year? In our opinion it probably is, as long as you follow some basic advice.
What can you do?
Do your research. Ignore articles and influencers that are clearly shills for vendors and manufacturers. Definitely be suspicious of ‘best buy’ recommendations from outlets. We saw a recent recommendation for a remotely exploitable connected camera we identified a couple of years back, scoring it as the most secure camera of the bunch being reviewed.
There are a couple of good resources:
- The Mozilla Foundation does a good job of testing a bunch of smart stuff every year
- IoXT publishes lists of products that they think are suitably secure
Another way is to search online for the product you’re interested in plus the words hack, hacked, vulnerability or similar. See what you find.
Look for familiar brands
We’re often asked which brands are better than others in terms of security. I can’t answer that but what I can say is that big brands often have the resources to fix security issues when they’re found.
Start-up businesses often don’t have the funding to fix security bugs so they can go to the wall over security issues. This means that consumers end up using hackable or non-functional smart junk.
When manufacturers say “we take cyber security seriously” what they often mean is “we won’t take it seriously until our reputation is at stake”. Those with the financial resources (and good conscience) tend to invest in security and fix issues.
Play your part in cyber security
Don’t use the same password for all your accounts and logins. This is password re-use. If your data has been leaked from just one hack of any of those companies, it means that all of your accounts are vulnerable to hackers.
Sensible cyber security is having a different password for each and every account that you have.
Password re-use can result in your smart stuff being hacked. If you re-use passwords it’s not the manufacturer’s fault, it’s yours. That said, they could help mitigate this by forcing you to use multi factor authentication, using an app on your phone.
Play your part:
- Use a password manager
- Use a multi factor authentication app too
Update everything
Keep your smart device apps up to date. Updates can add extra functionality or unlock new services. Most importantly though they fix security problems being found in the device. If you don’t update your apps, they may be hackable and it’s not the manufacturer’s fault.
Although some well-known brands manage updates for you automatically, it’s important that you regularly review your apps for updates.
How long is the product supported for?
It’s unlikely that your smart device will be supported forever, or even for its usable lifetime when wear and tear make it start to fall apart. That’s not the manufacturer being unreasonable though.
They can’t be expected to forever bear the significant cost of hosting the platform that runs your device if there isn’t a subscription to help pay for it.
Hive, the smart heating vendor, got some stick for announcing that they would end support for their smart cameras in 3 years. Good on them I say as they’ve been open and honest, unlike many other IoT vendors who simply terminate their products randomly. With little or no notice consumers can end up being forced to live with expensive smart junk.
I would be far more trusting of a manufacturer who stated that their product will be supported for X years than one who made no commitment.
Coming regulation in the UK (PSTI Bill) and the EU will force manufacturers to be open and honest about product support.
Smart stuff can be great
It’s frustrating when I see whole classes of smart device dismissed as a result of a vulnerability in one brand. Be wary of scaremongering articles, there are plenty of robust, secure IoT devices on the market.
Smart stuff can also be really beneficial, I’ve made significant savings by having a smart heating and lighting system, as have many others. The elderly can live more independently for longer using smart devices. Healthcare can be hugely improved using continuous and connected diagnosis and monitoring.
Smart stuff can be life-enhancing. Let’s not throw away the benefits because a small number of manufacturers don’t take security seriously. Buy secure devices, and support manufacturers that do it right.