by Charles Miller

In an earlier column I promised some more information about how to protect yourself and your home network from your own IoT (Internet of Things) devices and how cybercrooks can turn them against you. First though it is necessary to understand how most IoT devices connect to one another and to your smart phone.

Today a lot of people blithely connect all kinds of appliances to their home Wi-Fi networks unaware of the possible security implications. Light bulbs, kitchen appliances, security cameras, garage door openers, rectal thermometers (yes, seriously) and untold numbers of other home accessories may now be viewed and/or controlled using smart phone apps.

Take, for example, the new "smart" thermostat your HVAC professional installed to control your heating and/or air conditioner. Let us assume you are sitting comfortably in your recliner with smart phone in hand, and the smart thermostat is a few feet away on the wall. It is perfectly logical to assume that if you use a smart phone app to adjust the temperature of that thermostat that your phone might connect directly to it because it is only a few feet away. Nothing could be further from the truth... in fact many thousands of miles further.

When your HVAC professional installed the smart thermostat, following the instructions it was configured to connect to your home Wi-Fi. The thermostat then opened a persistent connection through your router's protective firewall to maintain a connection to a remote server. That server could be someplace such as Shenzhen, China.

When you aim your smart phone at the thermostat a few feet away and tap on the app to change the temperature, you are absolutely not connecting to it directly. The communication from your smart phone instead establishes an on-demand connection through your home Wi-Fi to that server in Shenzhen, China to which your smart thermostat is persistently connected. That server in China then negotiates a connection between your smart phone in México and your smart thermostat in México.

It might seem circuitous to employ an internet connection tens of thousands of kilometers long just to connect to the thermostat a few feet away, but actually the internet connection is quite efficient. It allows you to access your thermostat at home as well as when you are away from home. But unfortunately it facilitates hackers doing the same. If cybercrooks are clever enough to compromise the persistent connection your thermostat opened through your router's firewall, then potentially they could spy on other internet traffic inside your home network.

Just imagine how utterly humiliating it would be for your bank to inform you that the thousands of dollars you lost to hackers was because cybercrooks gained access to your bank account by going through your Wi-Fi-connected rectal thermometer. There are measures you can take to protect yourself, and very soon I promise to suggest some specifics.

Part 2

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar