Currently with consumer-grade networking equipment; if a security threat compromises your home network I’d bet my bottom dollar that you are not going to get a notification from your router. Unfortunately, most home users have a “she’ll be right” type mentality of security because ignorance is bliss. The fact is you are unlikely to know if you have a keylogger on your computer, a trojan on your laptop, or ransomware encrypting the photos on your phone until the hackers have all the leverage over you. But why should you worry if nobody else is? We are about to see a massive systematic shift in the use of technology and you are about to get targeted a lot more.
Businesses have already started improving their security systems and their move to ISO standards for data protection means hackers are going to move to easier targets. Is it better for a hacker to target a business with advanced firewall protections, dedicated security staff, and security protocols or are they going to target you with an old WiFi speaker that hasn’t been supported for years, a basic firewall, and a basic WiFi router?
That old WiFi smart switch, no-name WiFi weather station, or 5-year-old WiFi smart speaker could be the perfect attack vector to let hackers into your network and your WiFi router isn’t going to tell you that there is suspicious traffic on your network.
If you turn the clock back 20 years it was common security practice to have security software like Norton, Trend Micro, or AVG on your devices to keep them safe. Over the years this requirement for security fell onto the manufacturer of the device to keep you safe so now we have reasonable levels of security built into most new devices but what happens when these devices are no longer supported or the company that made the device never took the security aspect seriously?
Unfortunately, it results in possible attack vectors. If I want to hack into someone's home network from the other side of the world then I won’t target their Apple, Google, or Windows device, instead, I would target the weakest device on their home network like a smart switch, a WiFi speaker or even a printer. Once someone has access to your local network they can then wreak havoc connecting to other devices on the network and you will be none the wiser.
So what could change? The commercial features that we see in large corporations will start to filter down to consumer-grade devices. In time we will see AI firewalls on WiFi routers that will detect abnormal traffic and notify you of possible misuse of the network. It is likely that the early versions will just notify you of possible issues but over time they will also block the threats and plug security holes that other manufacturers have left open.
So in the meantime be suspicious of any device you put on your WiFi network and please, please, please use VLANs for all of your IOT devices.
I sure am glad there is a company out there looking out for the little guy and working on an AI firewall for SMBs and consumers ;)
