Internet of Things? More like Internet of Threats
Here’s a quick question: how many things in your home or office, or on your person, are spying on you?
Your phone’s a given, right? What about your Fitbit? Do you have a smartwatch? How about a smart TV? A digital assistant (like Amazon Alexa)? Robot vacuum? Smart fridge? Any smart toys?
There’s no doubt that such devices make people’s lives more enjoyable and efficient. But many of them have no real security protections. As you go about your day – from home to work and home again – and your device connects to each available Wi-Fi network, you may be unwittingly exposing not only got home, but also your workplace to online threats.
Internet of things devices (IoTs) are currently being deployed in a large variety of products throughout your home, businesses, hospitals, and even entire cities, but they are routinely being hacked and used as weapons in cyber attacks due to lack of stringent security measures and insecure encryption mechanisms.
CloudPets: A parent’s worst nightmare
Check out this 2017 video of an 11 year old boy who hacked his teddy bear and turned it into a listening device.
That’s a “CloudPet”. They are no longer available for sale.
CloudPets were toys that connected to mobile apps and let parents and loved-ones send voice messages to their kids.
To set up your CloudPet, you had to give it your child’s name, an email address and a photo. CloudPets stored all that information in an unsecured online database, accessible to anyone with the know-how. That database also contained:
- the child’s day and month of birth,
- their relationships to parents and “friends” (i.e. grandmother, uncle) authorised to share messages with the child, and
- all the voice recordings.
The CloudPets data was accessed many times by unauthorised parties. On several occasions it was deleted and held for ransom. Despite multiple warnings from people in the online security sphere, the company refused to acknowledge any security problems existed. When finally forced to own up, they would not admit the extent of the problem or accept fault.
This whole sorry debacle proves one enduring principle: always assume data like this will end up in other peoples’ hands. It only takes one little mistake on behalf of the data custodian – such as misconfiguring the database security – and every single piece of data they hold on you and your family can be in the public domain in minutes.
The security implication of IoT can not be overlooked
CloudPets is one example of what can happen when IoT device manufacturers fail to put the time in on research and development. With the proliferation of these products – many extremely cheap – I urge everyone to be mindful of the dangers.
Several forecasts indicate that IoT will connect 50 billion devices worldwide by the year 2020. (source) That’s 580 billion tiny, specific computers designed for limited functionality and often with limited security and no lifetime support.
The growing security implications of connecting objects on a massive scale have not been lost on legislators and standards bodies. In most regions of the world, the move to create new standards for IoT is gaining momentum.
Protecting yourself from the internet of (vulnerable) things
There really is no quick fix for the problem of vulnerable IoT devices, other than to avoid them. Poorly secured smart devices are a serious threat to the security of your network, whether that’s at home or at work.
IoT devices collect more intimate data about us than was possible with previous devices. This data can be used to create profiles that give incredible insight into consumers, and can even predict behaviour. The consumer profiles that can be built with all this data can then be used to sell us products at times when our willpower is lowest.
Between this predatory use of data, the security concerns, and the often poorly supported purpose for the IoT makeover – for example the Nespresso machine that can be turned on via a mobile phone app, but only once a pod has been loaded, water poured into the reservoir, and the cup aligned – my firm advice would be to consider the risk you’re taking on with any IoT device.
Evaluate the objects capabilities, functioning, and security and privacy settings before bringing any IoT device into your life.
- Six things you should know about the Internet of Things
- The quiet threat inside ‘Internet of Things’ devices
Header Image: Designed by Frimufilms on Freepik