Computer Shopper - UK (2020-03)


SECURITY


72 MARCH 2020 | COMPUTER SHOPPER | ISSUE 385


Our homes are now full of smart devices, from TVs and speakers to security cameras. While these devices can make life easier for us, they’re all effectively computers running an operating system. Typically, security hasn’t always been of the highest priority for manufacturers of these devices, opening up the risk that one of these devices will be compromised by cybercriminals.

Having any device in your home hacked can pose big risks. Take a camera, for example. If one is hacked, it means that people can spy on you in your own home. Cameras can be everywhere: even the FBI has warned people to stick tape over their smart TV’s webcams, as it believes that there’s a real risk of these devices being hacked.

The second danger is that a hacked device can take part in a botnet, performing attacks on other computers on the internet. We’ve already seen the example of Mirai, which infected 600,000 IoT devices at its peak, including them in a criminal botnet.

Finally, a compromised device on your home network can be used to probe and attack other devices, often with greater effect as the outside protection of your router’s firewall has already been bypassed.

PLUG AND PREY


Protecting connected devices isn’t as straightforward as it is with a laptop or desktop computer, where you can install software directly. In effect, you’re stuck with any controls that a device has available on it, and that’s it. That doesn’t mean you’re without options, however, and we can show you how to make your home network safer.

First, it’s important to understand a bit about how devices connect to the internet. With all home broadband connections, your home has a single internet-visible IP address (sort of like a postal address). All devices have to share this using a technology called Network Address Translation (NAT).

When you connect to a service online, such as a website, you use a TCP port number. For example, standard websites are on port 80, and secure HTTPS websites are on port 443. When a device makes an outbound request to a website on port 80, the router assigns a reply port number. Any data that comes back on that port is sent to the requesting device. In this way, you can have multiple devices using the same internet connection, without everything getting muddled up.

Using NAT adds an extra layer of security, too. None of your computers or devices can be accessed directly from the internet: a random incoming request on a random port won’t force the router to send data through.

What about devices that need to accept incoming signals from outside, such as a network camera that you want to control remotely? In this case, you need to set up a permanent way for this to happen. Port forwarding is a manual option, where you tell the router where to send data that comes in on a specific port. For example, you could set up your home to accept incoming connections on port 8080 to go to an internal web server that you’re running on a Windows PC on port 80.

Port forwarding can be fiddly to set up, but there’s also a technology called Universal Plug and Play (UPnP). With this enabled, devices inside your home can automatically configure the router for port forwarding without you having to do anything. That saves time, but it also means that UPnP can make devices internet-visible and open to a scan or attack: an attacker can scan your internet IP address to see which ports respond.
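
The NAT and port-forwarding behaviour described above, modelled as an added example (not from the magazine). The class, its method names and the remote addresses are constructed; the internal and public addresses are those in the article's diagram, and the model assumes the router only accepts replies from the exact server a device contacted.

```python
import itertools

class HomeRouter:
    """Toy NAT model (assumed simplification, not any real router's firmware)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._ports = itertools.count(40000)  # reply ports the router hands out
        self.sessions = {}  # reply port -> (device ip, device port, remote endpoint)
        self.forwards = {}  # public port -> (device ip, device port)

    def outbound(self, dev_ip, dev_port, remote_ip, remote_port):
        """A device connects out; the router assigns and remembers a reply port."""
        reply_port = next(self._ports)
        self.sessions[reply_port] = (dev_ip, dev_port, (remote_ip, remote_port))
        return reply_port

    def add_forward(self, public_port, dev_ip, dev_port):
        """A manual port forward, or the same mapping requested by a device via UPnP."""
        self.forwards[public_port] = (dev_ip, dev_port)

    def inbound(self, src_ip, src_port, public_port):
        """Return the internal (ip, port) that receives the data, or None if dropped."""
        if public_port in self.forwards:
            return self.forwards[public_port]  # open to any sender on the internet
        session = self.sessions.get(public_port)
        if session and session[2] == (src_ip, src_port):
            return session[:2]  # reply to a request one of our devices made
        return None  # unsolicited data: the router does not pass it on

    def exposed(self):
        """Audit view: every internal service reachable from outside."""
        return sorted((p, ip, dp) for p, (ip, dp) in self.forwards.items())

def demo():
    router = HomeRouter("145.12.131.7")  # public address from the diagram
    website = ("203.0.113.10", 80)       # constructed remote web server
    stranger = ("198.51.100.23", 51000)  # constructed unrelated internet host
    reply_port = router.outbound("192.168.100.3", 50123, *website)
    results = {"reply": router.inbound(*website, reply_port),
               "unsolicited": router.inbound(*stranger, 8080),
               "wrong_sender": router.inbound(*stranger, reply_port)}
    router.add_forward(8080, "192.168.100.4", 80)  # the article's 8080 -> 80 example
    results["after_forward"] = router.inbound(*stranger, 8080)
    results["exposed"] = router.exposed()
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `exposed()` list is the part worth checking on a real router: every entry there, whether added by hand or by UPnP, is a device that answers to the whole internet.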

With Mirai, for example, the botnet looked for internet-connected devices that were vulnerable. It specifically looked for Linux-based systems, which includes many smart devices, and then tried the default username and password to gain access to the operating system, where it could then take over.

SECURE YOUR HOME


YOUR HOME ISN’T JUST FULL OF TRADITIONAL COMPUTERS: INTERNET-CONNECTED SMART DEVICES ARE JUST AS VULNERABLE TO ATTACK, UNLESS YOU TAKE OUR STEPS TO PROTECT THEM


ABOVE: Smart devices may make life easier, but they also increase the security threats we face

ABOVE: NAT lets multiple devices share a single internet address

[Diagram: local network devices (private IP addresses 192.168.X.X) at 192.168.100.3, 192.168.100.4 and 192.168.100.5 connect through the router/NAT device (default gateway 192.168.1.1, public IP address 145.12.131.7) to the internet.]
