How Secure Is the Internet of Things With Your Personal Data?
The Internet of Things (IoT) offers the convenience of refrigerators that can tell you when you are out of items and home appliances that can be controlled when you’re away from home. Yet at the same time the Internet of Things raises serious security issues that more and more of your personal data is now accessible to hackers.
How worried should you be about hackers getting hold of so much data about you?
To begin with, how secure are your passwords — those easy-to-remember or hard-to-remember “shields” you use every day to prevent unauthorized access to your bank accounts, medical information, and basically all the data in your life?
Trace Dominguez of D News provides a rude awakening about the security of our passwords in this video “How Hackers Really Crack Your Password”:
Now that we’ve all changed our passwords after watching this video, we can move on to old news and then new news of the Internet of Things security issues.
UPDATE from Robert McMillan’s August 7, 2017, Wall Street Journal article “The Man Who Wrote Those Password Rules Has a New Tip: N3v$rM1^d!”:
Long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S.
John Rampton in the January 20, 2015, Entrepreneur article “12 Tips to Protect Your Company Website From Hackers” said:
Theft is not the only thing on the mind of a hacker: Sheer destruction is a major motivator. Hackers may want to destroy all your records, put a sick message on your customers’ screens or just destroy your reputation.
You can never undo the damage done by a hacker, you can take steps to prevent it. Even the most basic protection will discourage many hackers enough to make them go looking for easier pickings elsewhere. Thieves are likelier to steal from people who leave their doors unlocked.
Now 2 ½ years later we have even more serious concerns from hackers starting with internet-connected toys …
On July 17 , 2017 the FBI issued a warning to parents that internet-connected toys could present privacy and contact concerns for children:
The FBI encourages consumers to consider cyber security prior to introducing smart, interactive, internet-connected toys into their homes or trusted environments. Smart toys and entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions. These toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options. These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.
Alyssa Newcomb in the July 18, 2017, NBC News article “FBI Warns Parents of Privacy Risks With Internet-Connected Toys” says:
Robert Siciliano, CEO of IDTheftSecurity.com, told NBC News that “the FBI coming forward with this announcement is definitely concerning.”
Months earlier a warning was issued in Germany by a governmental agency. The February 17, 2017, BBC News site carried an article with the headline “German parents told to destroy Cayla dolls over hacking fears”:
An official watchdog in Germany has told parents to destroy a talking doll called Cayla because its smart technology can reveal personal data.
The warning was issued by the Federal Network Agency (Bundesnetzagentur), which oversees telecommunications.
Researchers say hackers can use an unsecure bluetooth device embedded in the toy to listen and talk to the child playing with it.
On a nationwide level …
The July 18, 2017, opinion pages of The New York Times carried Dipayan Ghosh’s article “Apple’s Dangerous Market Grab in China” that begins:
Apple announced last week that it will open a data center in Guizhou, China. This is a first-of-its-kind action by a major United States tech company since the passage last month of strict new Chinese digital commerce regulations that require foreign companies with operations in China to store users’ data in the country. These events could threaten to disrupt the free flow of information over the internet.
The Chinese government claims its new rules will enhance domestic security efforts, providing privacy protections for Chinese nationals while also safeguarding ‘national cyberspace sovereignty and security.’ It would be naïve, however, to think of these new regulations as anything but a severe restriction on the right to free information.
And speaking about China, Li Yuan reports in the July 27, 2017, Wall Street Journal article “Talking Speakers Just Arrived — and There’s Already a Bubble“:
Smart speakers powered by artificial intelligence are one of the hottest consumer products in the U.S. Amazon.com Inc., Alphabet Inc.’s Google and Apple Inc. are all offering competing products. If they think that’s a crowded field, they should come to China.
Within a day of Apple announcing its voice-activated HomePod speaker in June, Song Shaopeng, founder of smart-speaker technology startup Sugr Electronics Corp., fielded calls from three electronics manufacturers with the same request. All wanted his help to make HomePod-like products.
This is another security concern — what information are those AI speakers learning about us that hackers can access?
From toys to countries and back again to the morning “fuel” of many adults
In the May 8, 2017, Forbes article “Security Surprises Arising from the Internet of Things (IoT)” Stuart Madnick, MIT Sloan Prof. of Information Technologies; MIT School of Engineering Prof. of Engineering Systems; Director of MIT (IC)3, begins:
My brother can’t function in the morning until he has a cup of coffee. So I use his daily routine as an example.
Picture my brother stumbling down to the kitchen one morning only to find his internet-enabled coffee maker won’t work. There’s a message on his iPhone: “We have taken control of your coffee pot and unless you pay $5, you won’t have your coffee.” This actually hasn’t happened. At least, not yet.
Madnick goes on to explain later in his article:
Threats to IoT can be divided into two categories. First, devices are taken over to do something they are not intended to do, like a security camera that becomes part of a botnet attack. But also devices can be commandeered to do exactly what they are intended to do but in a devious way. Think of directing a self-driving car to drive off a bridge. Consider the cyber attack on Iran’s nuclear enrichment centrifuges to make them rapidly speed up and then suddenly slow down (imagine pushing down hard on the accelerator, and then the brake in your car), which eventually seriously damaged them. That flummoxed operators who had never planned a response to prevent something like that because why would you do that in the first place?
And Madnick concludes his article:
So far, my brother has been able to get his morning coffee without incident. But what ransom might he pay for a jolt of java on the day that his coffeemaker balks?
Brave New World …
Many 20th- and 21st-century writers and readers of science fiction have worried about similar mind-control and information-denial scenarios. And now with the Internet of Things reality is catching up with fiction.
What will be the ultimate answer to the Internet of Things security issues? The outcome is still unknown.
Yet do take steps to protect your data as much as possible! (Enplug digital signage uses Amazon’s secure cloud-based system.)