An operator customer buys a smart security camera to monitor her home. Savvy about the dangers of IoT devices, she connects the camera to her home WiFi network, which is protected with her broadband provider’s smart home security value added solution. So far, so good.
Her camera is now protected from malicious traffic. But that’s not necessarily the end of the story.
It’s well known that smart devices are vulnerable to hacking, due to a manufacturing cycle that prizes speed to market over getting the details of security right. Hence the need for smart home security solutions like F-Secure SENSE, conveniently available via broadband providers.
But the cloud services used to manage IoT devices are not necessarily secure either, putting consumers’ private photos, video feeds, personal information and other data potentially at risk in the event of a hack.
In late December, smart camera maker Wyze announced it had been hit by a data breach. The company confirmed that databases storing the information of millions of customers had been left exposed on the internet for weeks. The compromised data included email addresses, camera nicknames, Wi–Fi names, gender, health data such as weight, and information on the users’ Wyze devices.
Wyze attributed the breach to an employee error. The company warned customers to watch out for phishing attempts and spam, as their email addresses may have leaked to third parties.
It’s the bitter truth about cyber security today: Even if you take all the proper precautions to protect your devices and accounts from compromise, you still have no control over how well the cloud services behind those devices protect your data. As we have seen over and over in the news headlines, too often, when it comes to security, these cloud services fail us.
When consumer data is publicly exposed, the threat of identity theft looms larger. Often, victims are unaware for months, or even years, before the results of a compromised identity become apparent. Nearly 32% of breach victims back in 2016 later experienced identity fraud, compared to just 2.8% of individuals not notified of a data breach in 2016, according to Javelin Research.
An attacker can exploit any bit of personal information to try to monetize in some way. If encrypted password hashes are exposed, attackers will set about using automated tools to convert them to plain text so they can try them out on various services along with associated usernames. In the case of the Wyze breach, emails were exposed, giving attackers an opportunity to target live email accounts with phishing messages that would trick users into giving up their passwords. The goal: Account takeover, and attackers will try to get into as many accounts as possible.
With one compromised password, attackers can use automation to credential stuff their way into other accounts. Once an attacker obtains access to an account, he or she can assume the role of account holder. That means taking advantage of the account’s privileges by performing bank transfers, making credit card purchases online, transferring loyalty points, and so on. The attacker can also gather as much personal info on the victim as possible, to lead to other forms of ID theft. And he or she can change the account password, locking out the rightful account owner and ensuring the attacker’s ability to access it.
Victims of identity theft report damage in various areas of their lives: Stress and anxiety while trying to get the problem under control; financial impact; and loss of credibility when credit is tarnished.
Consumers are largely aware of the problem: In an F-Secure survey, 7 out of 10 consumers agreed they could likely become a victim of cyber crime or identity theft, while 56% are worried about losing their personal information as part of a data breach.
That’s why, when it comes to operator value-added services, a smart home security solution like F-Secure SENSE is perfectly accompanied by an identity protection solution.
While SENSE protects all the devices connecting to the home network from malware and viruses and offers parental controls, F-Secure ID PROTECTION adds a layer of security for cloud services. A password manager helps users create and store a strong, unique password for each online service, significantly reducing the risk of account takeovers. ID PROTECTION also monitors for and detects leaked personal information in all corners of the web and dark web, and responds quickly to identity theft threats by alerting the user if their leaked data is found. Consumers are guided through step-by-step instructions if their info is found in a breach.
With ID PROTECTION, operator customers get best-in-class monitoring and alerting. Due to a combination of expert human intelligence and cutting-edge automated scanning technologies, F-Secure has the shortest lead times finding exposed data after a breach, and one of the highest hit rates for email addresses.
“F-Secure ID Protection is the perfect complement to our Connected Home Security solution,” says Kristian Järnefelt, Executive Vice President, Consumer Security at F-Secure. “It’s the opposite side of the same coin. Securing your devices and detecting if there are anomalies in your home network is essential, yet it doesn’t protect your data when it ends up in the cloud. By combining human intelligence with dark web scanning, data breaches can be detected everywhere, much faster than it is by services that use dark web scanning alone.”
With both services working together, consumers get full protection for their IoT devices, the cloud services that work to manage these devices, and for their connected home.