How secure is the data you share over your home Wi-Fi connection? Not as secure as you might think, according to experts. Software bugs in ubiquitous devices like Internet routers can leave your personal information at risk to hackers. As we continue to move into an ever-more-connected age, everything from smartphones to Web-connected printers could expose personal data in ways you might not realize.
Six years ago, for the first time ever, the number of Internet-connected devices surpassed the number of people in the world, according to a 2015 report from the Federal Trade Commission. By 2020, there will be an estimated 50 billion connected devices, and by that same year, 90 percent of consumer cars will be connected to the Internet. The FTC warned that while so many companies are creating products for the "Internet of Things" -- everything from smart kitchen appliances to children's toys -- they "may not have experience" dealing with security.
The Wall Street Journal recently commissioned a cybersecurity expert to test 20 new home Internet routers and found half had outdated firmware (the program that runs the device) with security flaws, including several with known problems that had not been patched.
In one example cited by the Journal, in 2014 engineers at software company Allegro Software Development Corp. discovered that router manufacturers had been churning out devices for years using old Allegro software instead of a newer version that was updated to fix a security bug. Without the security update, the routers put millions of consumers' Internet connections at risk of being hacked.
Devices that contain software that is not up to date to plug known security flaws is an all-too-common problem.
"This kind of thing is not new at all," Peter Tran, GM and senior director at the network security company RSA, told CBS News. But he says it's becoming an increasingly serious concern as more people work remotely and share data over Wi-Fi.
Tran said that out of the roughly 4.6 billion workers in the world, 20 percent telecommute at least part-time. That means there are a lot of people going online in their living rooms, not to mention opening their laptops in coffee shops or airports, sharing data over Wi-Fi connections that could be compromised. Even password-protected home connections can be vulnerable if they're not kept up to date with security patches.
Is this a concern that a lot of people should have? Yes. Is it a concern that a lot of people actually have? No, Tran said.
"It's easy to get in that mentality. The Verizon cable person sets you up and they will do everything for you and all they care about is getting you on the Web as fast as possible. The average consumer has their network's broadcast ID and access point easily accessible. All the settings are on the router, they could configure their own firewall, they could do what they need to secure themselves, but that isn't something they realize," he said.
Whether the circuit board of your router is outdated is dependent on the manufacturer and the overall consumer supply chain that churns out these devices. The Wall Street Journal notes that manufacturers don't have much motivation to keep sending updates for older routers.
Now that we live in an era of the "smart home," with hybrid routers that accommodate television, phone, personal Internet access, and other connected devices, Tran stressed that it's important that the average consumer remain vigilant.
"Anything that needs a connection to an Internet, anything that is 'smart,' is natively unsecure by default. There's going to be a risk, no matter where you are," Tran explained. "The way we deliver data now -- through the cloud, for instance -- needs greater and greater access points wherever you go. Other than your laptop and your device, the huge risk as far as being able to access the core of where your data is residing is the Internet access point. The bigger threat, to me, is how we as individual users are becoming the hub with spokes for would-be cyber criminals to traverse across a multitude of access points."
So, what can people do to protect themselves and their private data? Tran said that there are some good "Internet hygiene" practices to keep in mind. First, you should ask your service provider whether the firmware, the permanent software programmed into your router's read-only memory, is up to date. The second is to check out what wireless encryption your provider is using. Thirdly, you should restrict your Internet access point from being discovered outside. For instance, you don't want "John Doe's Internet" to be broadcast widely for all to see.
Tran said one basic step that most people neglect to take is to set up a complex password that will be tough for hackers to crack. Instead of something easy like "Jon123," make sure your password is more involved, and be sure to change it every 90 days, which he stressed decreases the risk that your connection will become compromised.
When going online, make sure your device is communicating directly with your router. Tran says you want to make sure you're using your own Internet access and not going through "someone else's connection" by mistake.
He also offered this food for thought: "More and more the problem is the printed circuit board industry itself. Roughly 88 percent of all circuit board manufacturers, those that make routers, for instance, are in Asia. They are in China, Japan, South Korea, and Taiwan. Now, 42 percent of those are all manufactured in mainland China," Tran said. "There's a lot of debate right now about the source of state-sponsored cyber attacks, corporate espionage."
Tran said that while many people worry about where their food is sourced, they take their electronics for granted.
"People look for non-GMO, fair-trade-and-sourced food products," he said. "They should do the same thing with the tools they use for their Internet connections."