Smartphones. How could we live without them, right? The average person unlocks their smartphone 80 times a day. 80! The mixture of power and convenience is just so useful. It’s no wonder companies are applying this technology to all sorts of appliances nowadays that you wouldn’t normally associate with being “smart”. Smart fridges, smart watches, smart toys. I could go on and on. It’s all about moving to the “internet of things”, designed to make our lives seamlessly integrated with the latest internet technology. By the end of 2017, consumers will be using 5.2 billion connected things, according to Gartner. That number is set to more than double to 12.8 billion by 2020. Seems great, right?
Well, yes. But there’s a big caveat. Basically, as Miko Hypponen put it:
“Whenever an appliance is described as being "smart", it's vulnerable.”
If something can be programmed, it can be hacked. These devices contain all kinds of sensors and transmitters that collect and share information. Just last month, malware was detected in a “smart” dishwasher. Yes, you read that right. A dishwasher. Moreover, we have it on record that certain smart TV manufacturers have no qualms with simply recording all the conversations any people may have while being near the screen.
Even more worryingly, the FBI has come out with a warning just last week regarding “smart toys” increasingly popular among young children. Many of these high-tech toys can carry on a conversation, which requires a microphone. It's very possible -- even likely -- that those mics could be listening to any, not just playtime chatter. If the toys hear something, there's a good chance they're also transmitting that data to a remote server. There’s also a big risk that personally identifiable information (PII) about a person’s children could be collected. If a connected toy happens to leak details like the child's name, physical address or phone number, that creates an opportunity for identity theft. Leaked GPS data (say, on geotagged photos that are uploaded) could even allow someone to pinpoint your child's physical location.
Needless to say, all of these security issues are almost certainly just the tip of an oncoming iceberg. So, how can we guard ourselves properly in an increasingly complex information environment? There are several pre-cautions one can take:
Use authentication when pairing the device with Bluetooth (via PIN code or password)
Use encryption when transmitting data from the device to the Wi-Fi access point and to the server or cloud
- Only connect and use smart devices in environments with trusted and secured Wi-Fi Internet access
- Research the device’s Internet and connection security measures
- Research if your device can receive firmware and/or software updates and security patches. If they can, ensure your devices are running on the most updated versions and any available patches are implemented
- Research where user data is stored – with the company, third party services, or both – and whether any publicly available reporting exists on their reputation and posture for cyber security.
- Carefully read disclosures and privacy policies (from company and any third parties) and consider the following:
- If the company is victimized by a cyber-attack and your data may have been exposed, will the company notify you?
- If vulnerabilities to the device are discovered, will the company notify you?
- Where is your data being stored?
- Who has access to your data?
- If changes are made to the disclosure and privacy policies, will the company notify you?
- Is the company’s contact information openly available in case you have questions or concerns?
- Ensure the device is turned off, particularly those with microphones and cameras, when not in use
- Use strong and unique login passwords when creating user accounts (e.g., lower and upper-case letters, numbers, and special characters)
- Provide only what is minimally required when inputting information for user accounts (e.g., some services offer additional features if birthdays or information on preferences are provided).
By taking these relatively simple but strongly effective preventative measures, you can ensure peace of mind while continuing to take advantage of all the benefits and convenience rapidly advancing internet technology has to offer.
Better to be safe than sorry.