Vancord CyberSound

101 - Home Smart Home: Security vs. Convenience in IoT

April 23, 2024 Vancord Season 1 Episode 101

In this episode of CyberSound, co-hosts Jason and Michael sit down with Brian Brehart of Vancord to delve into the complexities of securing smart home devices within the context of the Internet of Things (IoT). The conversation explores the balance between convenience and security when integrating smart technology into homes, touching on topics such as wireless thermostats, smart TVs, and voice-activated assistants like Alexa.
The team encourages listeners to educate themselves on the importance of implementing robust security measures to maintain privacy, including setting up separate networks, updating router firewalls, and researching device security features. As the conversation broadens to include considerations for small businesses and the expanding range of internet-enabled devices, the team concludes by underscoring the importance of privacy in the IoT era.

00:02

This is CyberSound, your simplified and fundamentals-focused source for all things cybersecurity.


Jason Pufahl  00:11

Welcome to CyberSound. I'm your host, Jason Pufahl, joined by Michael Grande, and Brian Brehart on the line today. Brian, thanks for joining. Actually, I think you're going to join for a few upcoming episodes.


Brian Brehart  00:24

I will join as many times as you want.


Jason Pufahl  00:26

I know, well, and we chatted internally, we said, you know, we need we need someone with big personality and so, in with Brian.


Brian Brehart  00:33

Right, and we couldn't find that person so you got me. 


Jason Pufahl  00:34

You get what you can, right. So today, actually, we're gonna we're gonna have a couple of conversations around sort of the idea of, you know, loosely idea of Internet of Things, right. And I think we're gonna focus today a little bit on having a conversation around the personal aspect, like your home-related devices and security, things people need to think about. And, you know, in many ways, I think we think of those similarly in that sort of small business space. Right?


Michael Grande  01:02

Absolutely. The convenience of, you know, access and constant sort of updates of, of what's happening and in a different place, maybe based on your geographical location. Your home, it's not a home office, it's it's an office that you need to be worrying about, or thinking about, climate control, etc. We'll go through all the lists, but yeah, yeah,


Jason Pufahl  01:24

All the conveniences. So I'll start off because we're, as you're kind of thinking about this a little bit in preparation. Yeah, I probably have a smarter home than I'd like, if I if I really boiling it down. And I think it comes down to me a lot of security versus convenience. There's great, there's great home internet devices that I had, like the like my smart thermostat. It's, it's super helpful, right? We travel on weekends, you want to turn your heat down, you want to turn heat up, come home to a warm house, like the convenience is, is is great. They're a complete black, black box to me, quite frankly.


Michael Grande  02:03

Yeah. One of the one of the areas in the same vein, when we fit out our office space, was the environmental control company came in with a new climate control system, and everything was wireless. It was the first time I'd ever known of a wireless thermostat. And very quickly, we were corrected on the correct protocols to put that on a separate network and, and how to protect it and harden it from our security experts. But yeah, I think there's, there's so many things out there, we could enumerate that pretty easily.


Brian Brehart  02:38

Yeah, and, you know, it is good that you mentioned that the separate network, because my internet provider, if you go with their equipment, doesn't have the ability to create a guest network. So I told him, ya know, I'll use my own router, thanks. Because I do have, you know, some smart devices, you know, my television, especially ever since the, you know, like the Apple TV or the Chromecast came out, you know, the television providers are putting on like, their kind of own, you know, apps. And so I don't want that on the same thing I share data, or my, you know, my computers and stuff. So, you know, I said, no, please just turn off the, the, the DHCP on, you know, the automatic addressing on my, on my modem, and I'll, I'll handle the that. So I could put those things on a guest network that are, you know, they just go to the internet, they don't have to do anything else.


Jason Pufahl  03:38

So, so let me, let me jump in here for a second then because so, we're a Roku household, for the most part, they're cheap, right? 35 to 50 bucks, basically. And you can take any TV and make it, make it consistent, make it smart. If you want to use your phone as the remote, now you have to be on the same network, which means all of a sudden, you're forced the choice to put your phone on your guest network. Again, this sort of security versus convenience concept. I don't normally my phone is just on my, my internal network. And I'm curious, do you for your mobile devices? Do you put them on guests? Or are they just part of your normal network? Because you're always making these choices?


Brian Brehart  04:17

So I will say for the Apple TV, that one's on the main network. But that's only because it's essentially the same thing as my tablet or my phone already. I mean, it's doing the exact same thing. So and I have Apple devices, tablets and phones, so to me, it's kind of the same, you know, it's as I like to say it's same walled garden, so I trust that, my TV on the other hand, well, that one actually is plugged directly in so that's a hardwired to the to the internet, so it doesn't matter about Wi-Fi. Yeah, that's the that's another thing if you can, you know, one thing that will help is if they can be, you know, and you have the technical savvy to do well, yeah, try and hardwire them in. Try and, you know, put a cable into it if you got to, you know, I know it'd be tough like in the kitchen, like, if you had a smart stove or a smart fridge or smart dishwasher, that one yeah, is the one that really was like, I don't, I don't need that level of control over doing my dishes. You know, if I forget to turn it on, oops, it turned out I just forgot.


Jason Pufahl  05:36

I do have the dumbest smart stove known to man. And luckily, it's basically never connected. So I don't have to worry about actually somebody firing that off.


Michael Grande  05:44

I didn't know a smart stove existed. 


Jason Pufahl  05:46

If you're on a walk, you can, you can pre heat it. So it's ready to roll when you get home. But, luckily, it only maintains an internet connection about five minutes out of every week. And so it's pretty useless.


Michael Grande  05:56

So, you know, I think there's so many interesting things that, you know, we're walking through the convenience, security versus convenience. Right. And I think that that's, that's sort of one of the the main takeaways here. What about the sort of home management systems that that are out there, like the Google Home, your lights in your light management system, you know, I remember we had a, I think a gaggle of girls, you know, seven, eight year old girls over the house for for a dance practice, for a talent show for my for my daughter's school. And one of them said, out loud, Alexa play, and then the song that they were dancing to. And we all sort of looked around at each other wondering, you know, what? Oh, at home, I have Alexa, all I have to do is say, do something and it comes. Not in my home.


Jason Pufahl  06:53

Oh, so she assumed you,


Michael Grande  06:54

She assumed we all had it. But, I guess but you know, my question really goes to what about those sorts of devices? Because I think, you know, one of the big pitfalls with a lot of this technology is the ability to update firmware and patch vulnerabilities. I, for sure, I've never patched the baby cameras, the monitors, right for our young kids that are in their room over the crib. Never, never thought to patch those, or update the, you know, the operating system there. 


Brian Brehart  07:26

So yeah, so to your point, since we are a security company, we should probably make some,


Jason Pufahl  07:33

Segue into security. 


Brian Brehart  07:34

So I will say this, I am not in any way against the concept of the Smart House, the smart device, the Internet of Things. What I do, as someone that people come to, for advice on how to implement these things. You know, I remind them, they need to be updated. Do you have a method to update to make sure that they're patched? Does the vendor supply patches? Do they do them automatically? You know, that's one reason like my Apple TV, that gets that gets automatically updated on a regular. But to your point, the baby monitors those ones, you're gonna have to dig a little deeper. Because the assumption is, they're, you know, they're just baby monitors, they're cameras you watch your kids with when they're little and, you know, it gives you a kind of peace of mind. If you go out and you have a babysitter, you can still, but let's not forget there's software that runs these. And software gets outdated. And it may be outdated when they built it. You know, a lot of the underlying OS are like old and I mean, old, like Linux, because it had such a small footprint, you know, barely took, you know, how many megabytes to run it.


Jason Pufahl  09:09

And it's and it's free to license right, you know, most likely things like that. So, I mean, I think interesting, now my kids are older, so I'm not using cameras, but you know, at that age, I'm happy to see my kids, I don't want somebody else seeing my kids. And I think, you know, so there's a real there's a legitimate privacy issue with somebody, you know, remotely getting access to these cameras or doing something. And that's, there's a, there's a real sensitivity to that.


Michael Grande  09:30

Yeah. And I was very grateful that you know, that my brother, our partner, came over and when he set up the firewall and the wireless in the house, you know, enterprise grade everything, made sure to set up separate networks for all all of the different appliances that might talk to, you know, need to get out to the internet and do things like that. And I but I was just going through the list of the things that have been added since then. And making sure that you know, which which network did I put the washing machine on. And I can't believe that we have a smart washing machine, because it serves no purpose. If you're not standing in front of, who is removing the clothes, loading it, loading it and folding the clothes. And I probably should not even be the person having this conversation about that since I'm not very good at it. But yeah, it's, we add, we're just constantly adding items at home, in our in our work life, you know all new things that have connectivity. Sometimes security comes, we're thinking about security, second or third.


Jason Pufahl  10:35

Most people aren't going to make, unfortunately, because I think we are getting to a point where this type of technology in the home is getting much more common. Even if it's not a fully wired smart home, you're still adding the TVs, the thermostats, the stove, and all these things we're talking about. You made a, maybe you didn't have to make the investment because you're fortunate enough to own a security company. But most most folks probably have to go out and buy at least equipment that is reasonably capable of doing this, right. So, a router with a legitimate firewall and the ability to have a bunch of network segments. Most people know how to implement it. And yet, I think we're at a point where most homes probably deserve some amount of security like that.


Michael Grande  11:17

And you're hearing, sorry Brian, you're hearing a lot about these big internet providers, talking about security now when they're handing you the devices. But really, it's it's, it's only for sort of a small segment of filtering, maybe that they're doing on the router or some other things, they're not really thinking about sort of preventing access inside of your house or vulnerabilities that exist, you know, when you're wireless and things like that. 


Brian Brehart  11:45

And you know, and there's also it, these things are coming out so rapidly that there's no oversight on, you know, there's no, you know, we like to look to, you know, government entities to, you know, monitor these, you know, things like NIST, right? This is this is what they do, you know, they create these standards. And they say, Well, you'll have this, this this, and they don't have that yet, we don't have that the FTC doesn't have any things for it, to my knowledge. Nor do I know if they're working on it. And I'm a pretty political guy, and I haven't heard anything. But so for people implementing these things, this it's kind of, you know, the last time I was on, we joked about how people don't know how to program a VCR. And now we're telling them, and because there aren't these standards, this falls on you. So here's the best way to do this. You're now an IT professional, right? Yeah. Yeah, you want to you want the convenience, you're going to have to implement the security. And the good news is, there are a lot of, I mean, a lot of consumer focused websites, and, yes, even actual magazines.


Jason Pufahl  13:03

I know, I turned to YouTube, for all my training for that. 


Brian Brehart  13:07

YouTube's got it. You know, and so that's at least, you know, there are people stepping up to help the home user, because they do recognize that, you know, it's like, why we're talking about it here, you know, these are the things you have to think about, you have to think about, okay, you need a router with a firewall, that itself needs to be updated on a regular basis, you need to consider how you're connecting these devices, is it wireless? If again, like I like I said earlier, if you can put a cable into it, it will help with security, because you don't have that, you know, data flowing around the air, keep those updated, you know, make sure that the firewall, if you have to call your provider, they can help you configure it. So I mean, there's there's a, it's not just plug and play. You know, it's there's a lot to consider. Because there's a lot you can have, you know, like say smart door locks. Yeah, they figured out how to open those, they just walk right into your house. Yeah. And well, what happens if your security system is attached to that too, when they just turn it off? And you know, so? Yeah, it's your what price convenience?


Jason Pufahl  14:24

And it's such a tricky thing, like the smart door lock conversation because on the one hand, sure, where you could circumvent that and get in the house. But you could you could pick a lock pretty easily. If you really want to get in, you know, my house is no fortress, break a window. So I do waffle on things like that feeling like how much energy do I want to put on the door? It should be locked, right that but if any determined person is going to get in anyway. And that's kind of where I bought I waffled back and forth with I don't have six dead bolts on my door. I've got my traditional lock and a key, if I swapped that out with a Smart Lock, is it more or less secure? I'm not I'm not really sure.


Michael Grande  15:07

Yeah. And thinking about some, you know, access control, some businesses or when you're a part of a larger real estate building or set up, let's say you rent an office somewhere, and they have keycard badge access, right? You've got access control implemented at so many different places, you know, you're just thinking about, hey, access to my, I just want to get in the front door and get to my office. Well, you're not really sure what's happening on the back end of those things, or what else is connected to those systems? So they're all considerations? I think I'm just walking through ourselves with our buildings and our real estate, figuring out, did we do that the right way? Did we set it up correctly? Is our cloud, you know, video system, you know, configured correctly? And thankfully, I know that it is. But I think a lot of businesses, small businesses and happy owners, yeah, they just want it to work. Yeah. They want to be able to get in, have consistency, know what to do if the power goes out. Right. That's a whole nother consideration there. But yeah,


Jason Pufahl  16:09

So I think it's probably kind of time to wrap up. But the interesting part about this is we spent whatever this is the last 12 or 15 minutes talking about what I'll say is just the security aspect of this, really not to spend too much on the privacy piece. And yeah, you know, there's a whole there's a whole conversation to be had. And frankly, for me, that's probably the bigger concern for most of this typically is the privacy aspect. And don't forget now we're all starting to drive our electric vehicles into our garage, which are also completely internet enabled like that, you know, this has tendrils and it goes and goes. Yeah. So so we might have to run this back from from a privacy standpoint. Right.


Brian Brehart  16:09

Yes, that is a whole other conversation.


Jason Pufahl  16:13

So, we'll have to do with we'll have to do a third one. This will be an Internet of Things series. Alright, hey, Brian, Michael, thanks for joining. If you know if people have questions, of course about here's what I here's what I've got at home. And you know, can you give me some tips on how to secure it? You know, we're certainly happy to to answer it. I'm going to I'm going to use the the actual give Brian the opportunity to talk about our like button, what do we do?


Brian Brehart  17:16

Yeah, smash that like button, definitely, if you're on here that it does help and help spread the word and it helps get us, you know, all the Google stuff.


Jason Pufahl  17:25

Our goal here is educate so more people to hear it the better. So as always, thanks for listening. Hope you got value out of it, and we'll talk privacy soon. Bye.


17:36

We'd love to hear your feedback. Feel free to get in touch at Vancord on LinkedIn. And remember, stay vigilant, stay resilient. This has been CyberSound.