The
pop-up
toaster
as
we
know
it
first
hit
the
shelves
in
1926,
under
the
brand
name
“Toastmaster.”
With
a
familiar
springy
*pop*,
it
has
ejected
toast
just
the
way
we
like
it
for
nearly
a
century.
Given
that
its
design
was
so
simple
and
effective,
it’s
remained
largely
unchanged.
Until
now.
Thanks
to
the
internet
and
so
called
“smart
home”
devices.
Toasters,
among
other
things,
are
all
getting
connected.
And
have
been
for
a
few
years
now,
to
the
point
where
the
number
of
connected
Internet
of
Things
(IoT)
devices
reaches
well
into
the
billions
worldwide—which
includes
smart
home
devices.
Businesses
use
IoT
devices
to
track
shipments
and
various
aspects
of
their
supply
chain.
Cities
use
them
to
manage
traffic
flow
and
monitor
energy
use.
(Does
your
home
have
a
smart
electric
meter?)
And
for
people
like
us,
we
use
them
to
play
music
on
smart
speakers,
see
who’s
at
the
front
door
with
smart
doorbells,
and
order
groceries
from
an
LCD
screen
on
our
smart
refrigerators—just
to
name
a
few
ways
we
have
welcomed
IoT
smart
home
devices
into
our
households.
In
the
U.S.
alone,
smart
home
devices
make
up
a
$30-plus
billion
marketplace
per
year.
However,
it’s
still
a
relatively
young
marketplace.
And
with
that
comes
several
security
issues.
IoT
security
issues
and
big-time
botnet
attacks
First
and
foremost,
many
of
these
devices
still
lack
sophisticated
security
measures,
which
makes
them
easy
pickings
for
cybercriminals.
Why
would
a
cybercriminal
target
that
smart
lightbulb
in
your
living
room
reading
lamp?
Networks
are
only
as
secure
as
their
least
secure
device.
Thus,
if
a
cybercriminal
can
compromise
that
smart
lightbulb,
it
can
potentially
give
them
access
to
the
entire
home
network
it
is
on—along
with
all
the
other
devices
and
data
on
it.
These
devices
make
desirable
targets
for
another
reason.
They
can
easily
get
conscripted
into botnets,
networks
of
hijacked
computers
and
devices
used
to
amplify
Distributed
Denial
of
Service
(DDoS)
attacks
that
organize
the
devices
into
an
attacking
host
that
can
flood
a
target
with
so
much
traffic
that
it
cannot
operate.
DDoS
attacks
can
shut
down
websites,
disrupt
service
and
even
choke
traffic
across
broad
swathes
of
the
internet.
Remember
the
“Mirai”
botnet
attack
of
2016,
where
hackers
targeted
a
major
provider
of
internet
infrastructure?
It
ended
up
crippling
traffic
in
concentrated
areas
across
the
U.S.,
including
the
northeast,
Great
Lakes,
south-central,
and
western
regions.
Millions
of
internet
users
were
affected,
people,
businesses,
and
government
workers
alike.
Another
headline-maker
was
the
Amazon
Web
Services
(AWS)
attack
in
2020.
AWS
provides
cloud
computing
services
to
millions
of
businesses
and
organizations,
large
and
small.
Those
customers
saw
slowdowns
and
disruptions
for
three
days,
which
in
turn
slowed
down
and
disrupted
the
people
and
services
that
wanted
to
connect
with
them.
The
Mirai
and
AWS
stand
out
as
two
of
the
highest-profile
DDoS
attacks,
yet
smaller
botnet
attacks
abound,
ones
that
don’t
make
headlines.
Still,
they
can
disrupt
the
operations
of
websites,
public
infrastructure,
and
businesses,
not
to
mention
the
well-being
of
people
who
rely
the
internet.
Botnet
attacks:
Security
shortcomings
in
IoT
and
smart
home
devices
How
do
cybercriminals
harness
these
devices
for
attacks?
Well,
as
the
case
with
many
early
IoT
devices,
the
fault
lies
within
the
weak
default
passwords
that
many
manufacturers
employ
when
they
sell
these
devices.
These
passwords
include
everything
from
“admin123”
to
the
product’s
name.
The
practice
is
so
common
that
they
get
posted
in
bulk
on
hacking
websites,
making
it
easy
for
cybercriminals
to
simply
look
up
the
type
of
device
they
want
to
attack.
Complicating
security
yet
further
is
the
fact
that
some
IoT
and
smart
home
device
manufacturers
introduce
flaws
in
their
design,
protocols,
and
code
that
make
them
susceptible
to
attack.
The
thought
gets
yet
more
unsettling
when
you
consider
that
some
of
the
flaws
were
found
in
things
like
smart
door
locks.
The
ease
in
which
IoT
devices
can
be
compromised
is
a
big
problem.
The
solution,
however,
starts
with
manufacturers
that
develop
IoT
devices
with
security
in
mind.
Everything
in
these
devices
will
need
to
be
deployed
with
the
ability
to
accept
security
updates
and
embed
strong
security
solutions
from
the
get-go.
Until
industry
standards
get
established
to
ensure
such
basic
security,
a
portion
of
securing
your
IoT
and
smart
home
devices
falls
on
us,
as
people
and
consumers.
Steps
for
a
more
secure
network
and
smart
devices
As
for
security,
you
can
take
steps
that
can
help
keep
you
safer.
Broadly
speaking,
they
involve
two
things:
protecting
your
devices
and
protecting
the
network
they’re
on.
These
security
measures
will
look
familiar,
as
they
follow
many
of
the
same
measures
you
can
take
to
protect
your
computers,
tablets,
and
phones.
Grab
online
protection
for
your
smartphone.
Many
smart
home
devices
use
a
smartphone
as
a
sort
of
remote
control,
not
to
mention
as
a
place
for
gathering,
storing,
and
sharing
data.
So
whether
you’re
an
Android
owner
or
iOS
owner,
use
online
protection
software
on
your
phone
to
help
keep
it
safe
from
compromise
and
attack.
Don’t
use
the
default—Set
a
strong,
unique
password.
One
issue
with
many
IoT
devices
is
that
they
often
come
with
a
default
username
and
password.
This
could
mean
that
your
device
and
thousands
of
others
just
like
it
all
share
the
same
credentials,
which
makes
it
painfully
easy
for
a
hacker
to
gain
access
to
them
because
those
default
usernames
and
passwords
are
often
published
online.
When
you
purchase
any
IoT
device,
set
a
fresh
password
using
a
strong
method
of
password
creation,
such
as
ours.
Likewise,
create
an
entirely
new
username
for
additional
protection
as
well.
Use
multi-factor
authentication.
Online
banks,
shops,
and
other
services
commonly
offer
multi-factor
authentication
to
help
protect
your
accounts—with
the
typical
combination
of
your
username,
password,
and
a
security
code
sent
to
another
device
you
own
(often
a
mobile
phone).
If
your
IoT
device
supports
multi-factor
authentication,
consider
using
it
there
too.
It
throws
a
big
barrier
in
the
way
hackers
who
simply
try
and
force
their
way
into
your
device
with
a
password/username
combination.
Secure
your
internet
router
too.
Another
device
that
needs
good
password
protection
is
your
internet
router.
Make
sure
you
use
a
strong
and
unique
password
there
as
well
to
help
prevent
hackers
from
breaking
into
your
home
network.
Also
consider
changing
the
name
of
your
home
network
so
that
it
doesn’t
personally
identify
you.
Fun
alternatives
to
using
your
name
or
address
include
everything
from
movie
lines
like
“May
the
Wi-Fi
be
with
you”
to
old
sitcom
references
like
“Central
Perk.”
Also
check
that
your
router
is
using
an
encryption
method,
like
WPA2
or
the
newer
WPA3,
which
will
keep
your
signal
secure.
Upgrade
to
a
newer
internet
router.
Older
routers
may
have
outdated
security
measures,
which
may
make
them
more
prone
to
attack.
If
you’re
renting
yours
from
your
internet
provider,
contact
them
for
an
upgrade.
If
you’re
using
your
own,
visit
a
reputable
news
or
review
site
such
as
Consumer
Reports
for
a
list
of
the
best
routers
that
combine
speed,
capacity,
and
security.
Update
your
apps
and
devices
regularly.
In
addition
to
fixing
the
odd
bug
or
adding
the
occasional
new
feature,
updates
often
address
security
gaps.
Out-of-date
apps
and
devices
may
have
flaws
that
hackers
can
exploit,
so
regular
updating
is
a
must
from
a
security
standpoint.
If
you
can
set
your
smart
home
apps
and
devices
to
receive
automatic
updates,
even
better.
Set
up
a
guest
network
specifically
for
your
IoT
devices.
Just
as
you
can
offer
your
guests
secure
access
that’s
separate
from
your
own
devices,
creating
an
additional
network
on
your
router
allows
you
to
keep
your
computers
and
smartphones
separate
from
IoT
devices.
This
way,
if
an
IoT
device
is
compromised,
a
hacker
will
still
have
difficulty
accessing
your
other
devices
on
your
primary
network,
the
one
where
you
connect
your
computers
and
smartphones.
Shop
smart.
Read
trusted
reviews
and
look
up
the
manufacturer’s
track
record
online.
Have
their
devices
been
compromised
in
the
past?
Do
they
provide
regular
updates
for
their
devices
to
ensure
ongoing
security?
What
kind
of
security
features
do
they
offer?
And
privacy
features
too?
Resources
like
Consumer
Reports
can
provide
extensive
and
unbiased
information
that
can
help
you
make
a
sound
purchasing
decision.
Don’t
let
botnets
burn
your
toast
As
more
and
more
connected
devices
make
their
way
into
our
homes,
the
need
to
ensure
that
they’re
secure
only
increases.
More
devices
mean
more
potential
avenues
of
attack,
and
your
home
networks
is
only
as
secure
as
the
least
secure
device
that’s
on
it.
While
standards
put
forward
by
industry
groups
such
as
UL
and
Matter
have
started
to
take
root,
a
good
portion
of
keeping
IoT
and
smart
home
devices
secure
falls
on
us
as
consumers.
Taking
the
steps
above
can
help
prevent
your
connected
toaster
from
playing
its
part
in
a
botnet
army
attack—and
it
can
also
protect
your
network
and
your
home
from
getting
hacked.
It’s
no
surprise
that
IoT
and
smart
home
devices
are
raking
in
billions
of
dollars
of
years.
They
introduce
conveniences
and
little
touches
into
our
homes
that
make
life
more
comfortable
and
enjoyable.
However,
they’re
still
connected
devices.
And
like
anything
that’s
connected,
they
must
get
protected.
About Author
