By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Imagine living in a home where all the objects and appliances in your house are connected, talk to each other, and respond to your needs. You wake up and the coffee is brewed and ready to be served. You come home from work and your favorite TV channel is automatically turned on. These truly smart inventions show us where the Internet of Things is heading, but at what cost?
Tech expert Kevin Ashton coined the term “Internet of Things” way back in 1999. The concept was in its infancy then, but it meant to describe the connection of everyday objects, or things, to the internet. These objects, including conventional connected devices and smart appliances, work together on a system to respond to consumer needs.
Familiar Internet of Things devices include the smart TV and fridge, but eventually these appliances will be considered a basic use of the technology. Companies including ThingWorx3 and Sen.se are developing appliances that seamlessly retrieve knowledge without people searching for it.
Smart Appliances Can be Hacked
We’re all told to install antivirus software and spyware detectors on our PCs and laptops to keep our data safe, but we have no such strategies to protect our smart appliances. Experts suggest these innovative gadgets are just as vulnerable, so it’s little wonder nine out of ten Americans worry their information will be stolen from a smart appliance.
The threat became real when hackers penetrated home-networking routers, multimedia centers, smart TVs, and at least one smart television to create a botnet in late 2013. Hackers used this platform to deliver more than 750,000 malicious emails to targeted recipients between December 26, 2013 and January 6, 2014.
More than a quarter of the messages were sent from devices other than laptops, mobile devices, and desktop computers. With so many different internet-ready devices at their disposal, the hackers sent a maximum of 10 emails from any one source. This made the attack very difficult to block. California security firm Proofpoint said the case has “significant security implications” for the owners of these devices.
“Proofpoint’s findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the internet of things and transform them into ‘thingbots’, to carry out the same kinds of attacks normally associated with personal computers,” said a company statement.
Catalin Cosoi, the chief security strategist at Bitdefender doesn’t believe “the bad guys have understood the benefits for them of making use of such things yet,” but she’s sure that time will come.
If hackers broke into the security cameras of a business, they could see exactly how the company worked, and use the information for industrial espionage. If hackers attacked the internet-enabled door locks showcased at the Consumer Electronics Show, the safety of homeowners and their possessions could be compromised. Clearly, spam emails are just the tip of the iceberg.
Smart Appliances Often Aren’t Protected
Proofpoint believes hackers may find smart appliances attractive because they often have less security than computers and tablets. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur,” explained said David Knight, Proofpoint’s general manager of Information Security Products Group. “Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them.”
The situation doesn’t look like it’s changing, with Cisco research director David Orain affirming that “it is impossible to put security software on every object.”
The Internet of Things Raises Privacy Concerns
When you sign up to a website’s mailing list or purchase a product from your smartphone, you know who you’re sharing your information with and making an educated judgment about whether the company will use your data responsibly. Nevertheless, do you know who can access the information you share on an internet-ready appliance, or how they’ll use it?
40% of information technology experts say this lack of knowledge should be consumers’ chief concern about the Internet of Things. They also believe that the way this information is used will be of real concern as the Internet of Things gains momentum.
You might not mind whether someone discovers your love of action flicks through your smart TV, but you’d be more protective of your privacy if they learned when you were home by monitoring the electricity use on your smart meter. As the items within the Internet of Things work together and compile a more complete picture of you, the risk to privacy will become a greater concern.
Your Sensitive Data Often Isn’t Stored Safely
Have you ever thought about what happens to your data once you submit it? You probably assume that it goes straight to an internet service gateway, but this often isn’t the case. Many early smart meters, for example, send it to a local data collation hub where it sits ready for bulk collection later. This process sees sensitive data sitting vulnerably in unsecured locations for an undetermined period. These electricity meters are one of many internet-ready devices that work this way, leaving our data exposed without our knowledge.
The Internet of Things Raises Access Issues
When we use traditional internet devices, we rely on usernames and passwords to establish our connection and gain access to sensitive information. However, in the Internet of Things, we are generally connected without any login credentials.
This is problematic, because there is no checking mechanism to ensure we are what we say we are. There’s also no easy way to alter the information a smart device has collected if circumstances change.
With the Internet of Things, it’s also not just people that need identifying but the objects involved. For example, consider a system, which monitors livestock to identify whether cows show symptoms of diseases. A farmer must know that the cows he’s monitoring are the ones in his paddock, especially if he buys and sells some of his herd. He must also ensure only his trusted employees can access the system.
The internet of things has the potential to enhance our lives, but before we dive right in it’s important that we consider the risks and implement the necessary security measures to protect our privacy and data.