How devices on the Internet of Things (IoT) complicate security from the White House to your house.
Your data may not be quite as prized as, say, the President of the United States, but hackers love low-hanging fruit. In other words, although you might not have national secrets hiding in your Peloton, it doesn’t mean hackers won’t try to obtain personal information, which for you can be just as detrimental.
What is the IoT?
The Internet of things is described as “a network of physical objects—“things”—that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the Internet.”
Anything connected to the internet, despite security protocols, can be hacked if the cybercriminal possesses the skills to do so. As smart devices grow in popularity, from light bulbs and refrigerators to now exercise equipment, the IoT makes possible a more personalized and realistic user experience.
What’s the problem with the Presidential Peloton?
Currently, it’s impossible to Google ‘Peloton’ without running into headline after headline regarding President Joe Biden’s bike blunder. The passionate outcries of fellow “Peloton-ers” claiming that no true lover of the exercise bike could live without it, and many major news articles dissecting the many ways that the Peloton can reside in the White House.
The Peloton exercise bike offers classes hosted by real fitness trainers and allows riders to compete with other users from their homes. It’s equipped with a microphone and camera, and just like with any connected device, with this luxury of a real-time experience comes vulnerability. Even Peloton recognizes that the bike is vulnerable to threats, stating on their Security & Compliance page, “no matter how much effort we put into system security, there can still be vulnerabilities present.”
Not only is the bike connected to Wi-Fi, but it’s also connected to other smart devices (fitness trackers and apps); if a hacker accesses one, there’s very little stopping them from accessing another and another. Cybercriminals could take control of microphones and cameras to listen in and even watch the inner workings of the White House day-to-day gym sessions or install malware that could spread throughout the White House network.
Many exceptions have been made for past Presidents when it comes to their prized possessions. Trump’s golf simulator, Obama’s personal Blackberry, and the list goes on. Security experts have said that for the bike to be completely secure, the Secret Service will be required to strip the bike of its most glorious features (the microphone and camera in the tablet) to make the moving truck.
Whether or not the bike has a new home in the White House gym is yet to be determined, so will you be “ridin’ with Biden” in your next Peloton class? We may never know.
How do I protect my Peloton and other IoT devices?
No matter the device, anything connected to Wi-Fi is at risk of being compromised by cybercriminals. Once they’re in the door (regardless of the “thing” on the IoT), it’s an easy jump to the next “thing” and eventually to your personal data like passwords and banking information. So how do you protect your devices?
In the case of securing your personal data, the devil is in the default settings. The first step to securing your home network is to change the default settings of your connected devices. Here are some things you can do to make sure your network is as safe as possible:
- Often the easiest thing to hack is your home router, as it comes equipped with virtually no built-in security measures. Rename your router and other IoT devices to something that doesn’t reflect personal details about yourself, like your name or home address.
- Change the default passwords. For example, most default router passwords may differ from the next by one number or letter. Many cybercriminals already know these default passwords, making it easy for them to gain access. Create strong, complicated passwords using special characters, numbers, and letters, again with no personal identifiers.
- Check default security and privacy settings, turning off unnecessary features like remote access, voice control, or Bluetooth connectivity.
- Don’t put off software updates as they may contain a necessary patch to protect against a security flaw.
- Use two-factor authentication (2FA) wherever possible as an added layer of protection. Enabling 2FA requires additional proof of identity upon logging in. This can be in the form of a one-time pin (OTP) or via a verification code sent to your phone or email address.
- Create a separate Wi-Fi network for your IoT devices, specifically separating them from your computers and smartphones where your most sensitive data is stored.
In the connected world we live in, the threat of vulnerability is always present. The ever-growing IoT has many advantages, as long as you take all necessary precautions to safeguard your data and remain aware of the risks. Never leave the security of your devices in the hands of the manufacturer.
