The Bureau this week issued a public service announcement regarding cybercrime opportunities posed by the connecting of all sorts of data-enabled devices, from medical gear to entertainment gadgets, to the Internet.
"As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors," the FBI warns. "Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers."
The FBI cites "deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness," with giving cybercrooks an opening to plot attack and steal information.
The Universal Plug and Play protocol (UPnP) is particularly vulnernable, as are devces with default passwords and open Wi-Fi connections, the FBI states.
FBI recommendations for protection include:
- Isolating IoT devices on their own protected networks;
- Disabling UPnP on routers;
- Considering whether IoT devices are ideal for their intended purpose;
- Purchasing IoT devices from manufacturers with a track record of providing secure devices;
- When available, updating IoT devices with security patches;
- Being aware of the capabilities of the devices and appliances installed in your homes and businesses.
- Using strong passwords.