Phones, speakers, coffee makers, cars, cameras, blenders, baby monitors, dishwashers, thermostats, and watches all have something in common: they’re now connected to the internet. You can talk to artificial intelligence with names like Siri, Cortana, Robin, and Alexa to get an answer to virtually any question, start your morning coffee with your phone, and lock the doors or turn on your home alarm system remotely. These devices that are connected to the internet are all known as the Internet of Things. Today, all things electronic are coming online for ease of use and convenience. However, all of the benefits of the Internet of things, or IoT, comes at a cost to privacy.
The constant threat to privacy is inherent in the way we use the internet; social media, apps, public Wi-Fi, can all be potentially dangerous to privacy. One needs to look no further than the fictional yet largely realistic HBO series Mr. Robot. In the show, the main character, Elliot, hacks people’s lives through social engineering and technological prowess. In one scene, hackers were able to gain access to all of the controls in a smart home system. The hackers took control of the security system- blaring the alarm, they controlled the thermostat- freezing the home, controlled the water temperature- scolding the resident with hot water when she attempts to shower. Within a few minutes, she is forced to go get a hotel room to escape the chaotic house.
Sure, this example is from a fictional TV show but IoT vulnerabilities are real. In 2015 for example, Wired correspondent Andy Greenberg performed a test allowing two hackers to wireless take control of a 2014 Jeep that he drove from 10 miles away. They were able to control the air conditioning, radio volume, windshield wipers, and even shut down the engine while he was on the highway. In another example, the principal security researcher at Zimperium decided to take the Mr. Robot route. He hacked his own coffee maker to put IoT security risks to the test. In no time he was able to decipher how to control the coffee maker through the terminal prompt on his computer. He ascertained that with this vulnerability he could gain control of any device on the network. Large corporations aren’t immune to IoT vulnerabilities either. Two executives at Blackberry found a similar flaw in an internet connected tea kettle at their office. What all of these examples found is that if someone can gain control of a tea kettle or coffee machine, then they can infiltrate anything else on that network.
Simply put, if someone controls a device, they can control the network, and control your information.
Additionally, the infiltrator can use your webcam, listen to your baby monitor, and monitor all data flowing on the network without you knowing. The ability to infiltrate any device on a network brings the ability to remotely watch not just your online activity, but anything you do within eyesight or earshot of a smart device in your home.
Perhaps the best example of IoT vulnerabilities is that on Internet domain service provider Dyn October 2016 that affected millions of people. The attack disrupted major websites like CNN, Pinterest, Reddit, Netflix, Facebook, and Spotify. Investigators believe that the attack was carried out by a botnet from the malware known as Mirai. Normally in a botnet, hackers infect and control as many computers as possible by infecting them with malware controlling them and using them as a way to overload a target server. Mirai is different in that it is an IoT botnet, it infiltrates devices connected to the internet- not only computers. The Dyn attack was done with over 100,000 devices sitting in living rooms and offices through devices as benign as DVRs, and even CCTV.
What can you do
All technology comes with a learning curve. Today, we use cars, airplanes, electricity, with the assumed expectation that they are safe. But it didn’t always use to be that way. The safety in air travel, for example, is due in no small part to previous mistakes- often at the cost of lives. After air accidents occurred, investigators pinpointed the cause of the incident and implemented new rules in order to prevent the same mistake from happening again. Though this process is ongoing, in the 116 years or so since we began flying it is this trial and error that has given us the relative safety and certainty that we enjoy today. Cars, electricity, and countless other technologies and industries have also been going through this process since they emerged.
By 2020 experts believe that there will 13.5 billion ‘things’ connected to the internet. Unfortunately, in the constant pursuit for a better bottom line, corporations’ duty to protect their consumers’ privacy and security sometimes falls to the wayside. So the prioritization of security and privacy must be at the forefront of consumers’ minds as the IoT industry grows. Being informed about what IoT is and how it will affect you is the first step. Once you know about the dangers of the Internet of Things than protecting your privacy and security is the next. Here are some simple guidelines.
- Change your default router username and password. Studies have found that as much as 50% of people haven’t taken this simple step to improve their home Wi-Fi security. It’s Even better if you change it periodically.
- Use strong passwords. Your password is pretty useless if you it’s ‘123456.’
- Keep your apps and devices updated. Updates are there for a reason. Companies regularly update their products to not only improve its use but also to remove security or privacy flaws.
- Be a conscientious consumer. Know what you are buying and the possible privacy risks. Though this isn’t always made easy through technical and legal jargon in end user license agreements.
It’s important to remember that there is no golden ticket when it comes to online privacy. Ultimately, it is up to lawmakers and regulating agencies to protect consumers legally. Without the support of laws and regulations, accusations of companies not protecting consumers’ privacy have little footing. Is the Internet of Things dangerous to your privacy? The short answer is yes. Yet so is flying. But unlike flying in a commercial airliner there are several things you can do to protect yourself when it comes to the IoT. At the end of the day, the power lies in the customer. Following the guidelines above and being a conscientious consumer is the best tool that the average person has when it comes to protecting privacy.