The Internet of Things (IoT)

The internet is filled with threats to everyday web-enabled objects. 
Understand how to securely use the 'Internet of Things'' (IoT) devices at UCalgary and at home.

IoT News
A pile of miscellaneous objects.

What is the IoT?

  • The IoT refers to the network of everyday web-enabled objects that can connect and exchange information. These “smart” objects include more than your average computer, smartphone, or tablet.
     
  • They include items like personal fitness trackers, TVs, thermostats, or connected cars. This list of IoT devices is continuing to grow. 
x

How Does the IoT Work?

  • IoT devices require little to no input from you after their initial set-up is complete. They have embedded sensors, electrical components, and software that collect data and information from their surroundings.
     
  • The data is sent over the Internet to the cloud for processing, where it is shared with other network connected devices through Bluetooth, Wi-Fi, or Radio Frequency Identification (RFID) technologies.

What does an IoT device look like?

1.

  • Intelligent equipment sensors
  • Smart meters (e.g. electrical and water meters)
  • Intelligent motion sensors and air sensors
  • Networked security cameras

2.

  • Corporate vehicle fleets
  • Multifunction devices (MFD) (e.g. printers, fax machines)
  • Smart appliances (e.g. kettles and fridges)
  • Point of sale (POS) systems

3.

  • Modern building control systems (e.g. HVAC, electrical, water)
  • Corporate mobile phones and portable IT equipment
  • Smart watches or fitness trackers

Top 10 IoT Security Tips

1. Change the default password

  • Weak passwords can leave your device vulnerable. Be sure to change your IoT device's default password to a strong, unique password.  If an attacker gains access to a device, they also gain access to all of its data and secrets, and potentially other devices on the same network. 

2. Keep software and firmware updated with the latest security patches.

  • Out-of-date or insecure software can lead to your device being compromised and can create a higher chance of you experiencing a data breach.

3. Encrypt all communications where possible.

  • By default, many IoT devices are not secure which could leave your data exposed to anyone with access. Encryption is critical for IoT security.

4. Change Default Settings.

  • Pre-set (default) administrative credentials to access all configuration settings are usually publicly known. Review and change default settings for such things as services that are not required and disabling or restricting remote management (e.g., Plug and play).

5. Understand what, where and how data is collected, transferred and stored.

  • IoT devices can collect many kinds of data and/or transfer data to third parties automatically. Ensure that you understand what data is being collected and how it is being stored, (hopefully securely using encryption).

6. Avoid using open unsecure networks.

  • Unprotected networks make it easy for attackers to access and run malicious software onto your device.

7. Implement physical security controls to protect devices.

  • Make sure devices are restricted to only authorized users. We often only think about online attackers, but physical public access to an IoT device can be just as dangerous.

8. Turn on IoT device firewalls

  • IoT firewalls protect network-connected devices from unauthorized access and from malicious or unnecessary network traffic.

9. Disable remote management and control of your IoT device if it is not needed.

  • By exploiting a single device, hackers can gain control of entire remote systems and install malware or steal personal information. Compromising a single device can have catastrophic consequences for businesses and individuals alike.

10. Be More Secure - Use IT Services

  • Engaging with Central IT services is your best protection against cyber threat actors if you are thinking about using IoT devices at work. UCalgary IT offers a variety of services to support research and academic requirements.
  • If research related, contact Research Computing Services or email them at support@hpc.ucalgary.ca
  • Always report cyber incidents to Central IT: If you have any cybersecurity concerns, contact IT through UService or with a ServiceNow ticket.