IoT & Smart Device Security

Audit the smart devices sharing your home Wi-Fi.

What Is IoT & Smart Device Security?

Your smart camera, thermostat, and voice assistant share a network with the laptop you use for work. When one of them is compromised, the attacker is already inside your perimeter. In this exercise you complete a mandatory company IoT security assessment using the SmartShield portal. A network scan surfaces a critical finding on your smart camera: it is still using admin/admin, its firmware is two years out of date with 14 unpatched CVEs, and it has been making unexplained outbound connections during the early morning hours - a strong signal the device is already part of a botnet. You walk through remediation hands-on: generating a strong unique password with the SecureVault browser extension and applying it to the camera, updating the firmware to patch the known vulnerabilities, and configuring a guest network on your home router so the IoT devices live on a segment that cannot reach your work laptop. The exercise closes with a submitted assessment report and a follow-up from IT Security.

What You'll Learn in IoT & Smart Device Security

IoT & Smart Device Security — Training Steps

  1. A Connected Home Office

    Your home office is equipped with several smart devices - a security camera monitoring the front door, a smart thermostat keeping the room comfortable, and a voice assistant on the desk. You set them all up months ago and have not thought much about their security since.

  2. The Security Initiative

    A new email has arrived from the IT Security Team. It appears to be about a company-wide security initiative targeting remote workers' home networks.

  3. Accessing the Portal

    The email links to the SmartShield IoT Security Portal, Crestline's tool for scanning and securing IoT devices on home networks.

  4. Logging In

    The SmartShield login page loads in the browser. Alice needs to authenticate with her company credentials.

  5. Initiate Network Scan

    The SmartShield dashboard loads, but it is empty - this network has never been audited. Before any score, alert, or finding can be trusted, Alice has to actually run the scan that produces them.

  6. Network Scan in Progress

    The SmartShield Agent on your laptop is now sweeping your home network - probing TCP ports, fingerprinting firmware versions, and checking each device against the CVE database. The scan typically takes a few seconds on a small home network.

  7. Scan Results

    The scan has completed and the results are concerning. The overall network score landed at 28/100 - Critical. Three devices have been flagged with security issues. The smart camera has critical vulnerabilities - it is still using the manufacturer's default password and its firmware has not been updated in over two years. The thermostat and voice assistant have medium-severity issues.

  8. Understanding the Risk

    Before proceeding with remediation, consider why default credentials pose such a serious threat to IoT devices.

  9. Camera Security Audit

    Alice opens the detailed audit report for the smart camera. The findings are alarming - the camera has been making outbound connections to unknown IP addresses in Eastern Europe and Southeast Asia. This is a strong indicator that the device may already be compromised and part of a botnet.

  10. Starting Remediation

    The audit also reveals that the camera's firmware is severely outdated. Version 1.2.0 was released over two years ago, while the current version 3.1.2 patches 14 known security vulnerabilities including a critical remote code execution flaw.