There’s no question that the Internet of Things greatly improves the convenience of our lives, but at what cost? Smart home products already constitute a multibillion-dollar industry that is only going to continue growing. However, we can’t ignore the numerous attacks have already taken place with IoT devices.
For example, back at the end of 2014, a Russian-based website streamed thousands of private webcams live to “draw attention to the problem” of a lack of security. These streamed videos included more than just families at home who don’t understand the problem that unsecured IoT devices could bring, but also hospitals and stores that should have a designated IT security team.
While there is certainly a problem in not protecting innocent consumers without much IT knowledge, the problem goes far beyond this. For example, last year, a hacker was able to enter a casino’s entire network. Casinos need to be very secure, for obvious reasons, so the hackers looked for an unusual method — entering the networking through an Internet-connected fish tank.
It’s not that the casino didn’t realize that this smart fish tank should also be secured. In fact, they took extra security precautions to set up the tank. So, it’s important to recognize that even with additional security, hackers were still able to gain access. This proves that security and privacy issues with IoT have a long way to go before anyone can feel safe.
However, either these security concerns aren’t reaching the ears of the general public, or they simply prefer the convenience of IoT devices over the potential risk, because the IoT industry continues to grow.
Having the ability to heat up your house before you get home or use your phone to control when the coffee pot turns on really isn’t a technology to be dismissive of. Using your voice to tell your TV what to play makes people feel as though they’re living in the future. These rewards lead people to continue buying the new IoT device, even though their security might be on the line.
So, going into the years ahead, the question cannot be about making people value their security over convenience. Instead, it should be about educating consumers about safe practices while calling on companies to do more to make their IoT devices secure and transparent with how they manage our information.
Mismanagement of personal information
IoT devices can collect a lot of data. While some devices need this data to perform their tasks, others collect wholly unnecessary info and don’t tell their customers about this invasion of privacy.
While a company collecting personal data that they don’t need is bad enough, this also means that these companies have much more vulnerable information on their customers that could be accessed by hackers in the case of a successful attack.
An example of outrage at a company for collecting unnecessary personal information about customers happened a couple years ago when consumers learned that Samsung Smart TVs listen to private conversations.
Their own privacy policy stated, “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”
So, then the question turns to if buyers are comfortable enough to trust Samsung and the third party that the information is sent to. However, let’s not forget that earlier versions of these Smart TVs were hackable, meaning that even if you trust these large companies, you can’t always consider your data to be safe.
Our location data is also far from being secure. Almost every app uses location information for some portion of its functionality today. 73 percent of mobile data apps tested by IBM researchers accessed GPS data. They found that “60% of the tested apps had some kind of vulnerability that could lead to attackers accessing private data.”
Other researchers were able to hack very popular apps on both iOS and Android, including Tinder, Bumble, and OKCupid, viewing users’ location, login data, and more.
IoT devices: What should we do?
Well, as we’ve said, it’s unreasonable to tell people not to buy the newest and best gadgets. Using a baby monitor that streams a video directly to you is more than just convenient; it actually helps parents make sure that their new baby is safe.
While other IoT devices are simply about ease of use, people are still going to overwhelmingly choose convenience. This means that the strongest defense should be put in place by the companies that sell these devices.
More consumer education is also necessary. For example, baby monitors were hacked by malicious strangers only because the users did not install firmware updates or password protection.
However, we cannot simply blame the consumers, who might not know much about IT security if the company did not make these protective actions simple and clear to take. So, another step towards security is educating consumers about how to do everything they can to protect themselves.
Additionally, manufacturers should make it required to enter a password during installation, rather than allowing users to leave the default password. Using the defaults, attackers have been able to enter IoT devices.
The most important step, though, is the build more security into the device. One measure of this is heightened testing. Companies won’t need to send out patches as frequently if the device is intensely tested.
For example, the dating software we discussed earlier should have been better controlled to make sure that such private information as the users’ locations was properly protected. Another example of a large company failing to invest enough into IoT security was BMW, whose cars allowed hackers to unlock and start the car from their phones.
The third step is that companies need to be more transparent about exactly what data is being collected and who has access to this data. While many can argue about if Samsung should be listening through Smart TVs or not, they were right to explicitly explain to users what information they collect, and that it is shared through a third party.
This information shouldn’t be hidden in an 80-page agreement; rather manufactures should clearly explain everything regarding users’ sensitive data.
While consumers should keep their eyes open to avoid unscrupulous or unsafe businesses, change their default passwords, and apply all updates and patches, it’s shown that almost all consumers will choose the convenience of new technology over privacy. Companies need to take IoT security more seriously and provide more secure devices to protect users, both those who are tech-savvy and those who are not.
Photo credit: Pixabay
