
I'm interested in how I can secure my IoT devices from hackers. In particular, I have a Xiaomi hub and a range of child devices for it. Also, how can I secure devices that communicate using the Zigbee protocol?

I'm looking for some advanced tips. I browsed the web and all I could find are pretty basic tips like:

  1. Create a separate network for the IoT devices
  2. Enable Multi-Factor Authentication
  3. Secure password
  4. Regular firmware updates
  5. All kinds of tips related to router security

What else could you advise for securing IoT devices? Is there something more I can do besides the tips listed above? Please don't suggest anything related to router security; I have already read this advanced guide.

schroeder
Peter
  • This is far more focused, but if these devices are not accessible to the internet, then they are safe from hackers. If you have a secure separate network, then the protocol used doesn't matter since no one can access the traffic anyway. – schroeder Sep 26 '20 at 13:09
  • Set up sufficient logging that is capable of catching security accidents. Assign your scope and identify the weakest parts, a.k.a. attack vectors. Most probably it would be the software that you use to configure your network. Make sure to have strong passwords, and that the software is consuming anti-cross-site request forgery tokens. Also keep things up to date (software updates, firmware updates). And look into common pitfalls of the default configuration for your device. – Mobutu Sese Seko Kuku Ngbendu Sep 28 '20 at 07:31
  • @schroeder, what if they can be controlled remotely, like Xiaomi devices from the Mi Home app? Also, is there anything I can do to protect from a local attack (if the attacker is near the devices)? – Peter Oct 13 '20 at 11:36
  • @MobutuSeseSekoKukuNgbendu How do I do that if the only device that I can manage is the router? The other devices like the Xiaomi hub don't have such security options, and child devices like smart bulbs are even more limited in settings. – Peter Oct 13 '20 at 11:38
  • "if these devices are not accessible to the internet" -- that means that they cannot be controlled remotely, because there is no "remotely". – schroeder Oct 13 '20 at 12:05
  • For local access, you've covered it already. – schroeder Oct 13 '20 at 12:06

0 Answers