Virtual Private Networks (VPNs), despite their somewhat esoteric name, aren’t unknown to everyday users. Many people, including myself, use VPN apps or Chrome extensions like Hola to get onto sites that are blocked or otherwise inaccessible in certain countries.
Many people find themselves using a VPN for the sake of convenience, very few implement one for the purpose of security.
With the ever-growing popularity of IoT devices, however, it’s important to consider using a VPN as an extra security measure. IoT devices gather a variety of confidential data, which makes companies more than a little bit annoyed and apprehensive.
For IoT devices within the home, a VPN helps prevent sensitive personal information from passing into the wrong hands. For businesses, it helps shield confidential company data from potential exposure.
Preventing Eavesdropping and Leaks
The eavesdropping potential for IoT devices — particularly for smart home speakers like the Amazon Echo — has caused skepticism and even fear about IoT devices in general. South Park captured these fears in one of its latest episodes. It’s a spoof in which Amazon founder and CEO Jeff Bezos use Alexa to spy on and manipulate an unsuspecting public.
Of course, South Park’s account is a hyperbole. But IoT devices, by their very nature, do collect hoards of personal or confidential information, leaving personal data especially vulnerable to hackers or spies. Within the home, for instance, a smart security camera gathers data about when family members are and aren’t home. A smart fitness device will know information about a person’s location, physical health and exercise habits — and what anyone in the house is talking about with their friends.
VPNs not only encrypt data, but they also mask a user’s geographical location and IP address. Protecting this data helps prevent third parties, whether hackers, Internet Service Providers, government agencies, or others who might try to gather information about your activities. This means that other entities cannot infiltrate an IoT device and start eavesdropping or leaking confidential information.
Protecting Against Common Attacks: Botnets and MITM Attacks
A VPN can help protect against two common IoT attacks: botnets and MITM attacks.
A botnet is a network of computers or other internet-connected devices that are infected with malware. The devices are controlled as a group, making it possible for hackers to launch large-scale attacks. These attacks can be conducted not just from computers but from all IoT devices as well; hackers can infect a large number of IoT devices with malware to create a botnet that they can use to debilitate a company or access its data.
Using a VPN helps mitigate these risks by ensuring that the channel between an IoT device and its server are completely protected.
Likewise, VPNs help prevent MITM (Man-In-The-Middle) attacks, which involve third parties intercepting network traffic — for example, between an IoT device and the network’s central access point. VPNs, by encrypting traffic, ensure that the data gathered from the IoT device is unreadable–even in the event that a malicious actor intercepts that traffic.
VPNs and IoT Go Hand-in-Hand
While consumers and businesses love IoT devices for the sake of ease and convenience, there is a great deal of outcry over the security of such devices. No device, whether a smart home speaker or smart vacuum cleaner, is without such controversy.
Business, as well as individuals, need to be cautious about the security loopholes that can come with such devices. For companies, there are plenty of recommended business VPN providers that will help ensure more secure operations without compromising on network speed. For everyday consumers, free VPN services, many of which are quite reputable and secure, work just as well.
It’s ultimately the responsibility of the production side to make such devices more secure. As it stands, however, IoT devices have too little computing power to include inbuilt security features and encryption software.
For now, it’s up to the users to take the first step in protecting themselves. In order to account for the lack of sufficient inbuilt security mechanisms, we need to make VPN use an inherent part of responsible IoT device use.