With the incremental efficiencies we gain with each new technology, there is also incremental potential for hackers to exploit the newfound vulnerabilities introduced. Fortunately, as the Internet of Things (IoT) advances, so does the knowledge of the many vulnerabilities discovered – many of which are hopefully remedied before they make hacking headlines. So what IoT devices have been discovered to have security vulnerabilities and how big of a risk might they pose to you?
Why do burglars care about your home’s temperature so much?
Digitally connected devices are starting to become the norm in our lives. I had my old thermostat for 15 years, and it was just fine. It allowed me to adjust the temperature as needed going from season to season – simple enough. Then about three years ago I got a Nest Thermostat and have not touched it since then. The Nest communicates over my Wi-Fi network and has a pretty smart algorithm to minimize energy use without the need for fiddling while keeping my family comfortable throughout the year. I can even remotely check the temperature of my house while away or let it know I am coming home early from vacation, so I’ll be comfortable when I walk in the door. But why does a cyber hacker care about the temperature of your home? The answer is they don’t care, but what they do care about is your patterns. The Nest logs your daily routine and notes when you are away or when you specifically set your thermostat in the vacation mode. Just think about the power of someone knowing when you are on a two-week vacation thanks to your thermostat sharing this info over a network. This is the digital equivalent of the pile of unread newspapers on your doorstep, except it doesn’t require a thief to even leave their own house to know you’re not home. They might physically break into your house and rob you, tip off their criminal buddy, or just spend some energy hacking into your computer while you’re away.
Wireless baby monitors – peace of mind or will they add to your sleepless nights?
I have two children, so I was extremely excited when I realized I could just pick up a wireless baby monitor to watch and listen remotely from the comfort of my bed. Sometimes the babies needed me and sometimes they were just being fussy. Being able to instantly see and hear the children on the monitor saved me countless trips back and forth to the crib, not to mention all the waking hours I have also saved myself. In 2015, Researchers from Rapid7 have analyzed numerous wireless baby monitors in an effort to expose critical vulnerabilities that hackers could use to carry out an attack, spy on children or even reconfigure the settings. Weaknesses include monitoring live video feeds, changing camera settings, harvesting video clips stored online, and making an unlimited number of additions to the list of users who are authorized to remotely view and control a monitor. This is scary stuff that has turned the convenience of checking on my kids remotely into a parental nightmare.
SmartWatches are stupid if they get hacked
With the advent of the smartwatch, an entirely new ecosystem has been created around health and fitness. Devices like Apple Watch have provided stylish control that, when paired via Bluetooth to your iPhone, can command many sensors throughout your home. Hackers are opportunists looking to find backdoors and flaws in the wireless communications in these new smartwatches so they can spy on individuals or perhaps use the smartwatch as a conduit to get to your email, plant malware or even install a key logger. This is precisely what happened to President Obama’s plans to adopt use of Apple Watch into his regular workout routine. In regards to Apple Watch, he told re/code “I’m gonna test it out.” but ultimately ended up using a Fitbit because of security concerns. Fitbit is a closed system and does not require a smartphone connection to access all features unlike Apple Watch.
Hackers don’t need to break down the door containing a smart lock
Hackers avoid physical security at all costs – it’s just not their specialty the way computer networks have traditionally been but that may change as smart locks gain wide spread acceptance. Who wants to carry another key when you can use your smartphone and simply stand outside your front door? From a security perspective, adding a smart lock to you home is like adding another street level window – just one more point of entry. In an emergency, you can send a temporary key to a neighbor to check on the cat, for example, but what if a hacker intercepts that key or creates their own temporary key? The push to get to market yesterday happens without having products go through proper security testing on these devices today
Internet connectivity is quickly enabling smart devices to make our lives more efficient, so we need to stop and ask how secure is IoT? With each IoT device that you plan on integrating in your life, always check to see what attack vectors a hacker might look to exploit. Verify that each IoT device has the capability to have firmware updated if a serious vulnerability is discovered. IoT designs that succeed will be based upon sound security baked in from the start with the ability to upgrade software as new attacks and vulnerabilities are discovered. Sometimes applying common sense is the best security. Ask yourself if you are willing to potentiality trade the convenience of a particular IoT sensor for the chance of compromised privacy.
This post is sponsored by HPE’s Business Value Exchange
- Stalking has never been easier so let’s change that - 02/08/2023
- This is why nobody is allowed a cell phone in classified debriefings - 11/18/2022
- Death of the VPN: A Security Eulogy - 08/24/2022
[…] https://scottschober.com/iot-things-less-security/ […]