The Internet of Things is destined to change how we live and work by merging the digital with the physical. But there’s a dark side to this evolution.
The incursion of Internet of Things (IoT) technologies in everyday life is creating pervasive threats to privacy and security – threats that have yet to be adequately tackled.
Put simply, the rapid growth of Internet-capable devices is set to create a staggering amount of data that could potentially be intercepted and manipulated. The U.S. Federal Trade Commission estimates that fewer than 10,000 households can generate 150 million discrete data points daily.
Even at this nascent stage of the IoT industry, early case studies point up the problems ahead.
In 2015, Mattel’s Hello Barbie, designed to let children converse with the interactive doll over a cloud server connection, was hacked. Investigations uncovered numerous vulnerabilities that could enable attackers to intercept a child’s communications and create other havoc.
More recently, it has been alleged that a smart doll called My Friend Cayla, which was designed to ask children questions and record their answers, is a potential consumer spy.
Hackers can potentially access the doll via Bluetooth without using a password and then use the doll’s speaker to communicate with children, and listen in on their conversations. The doll has been banned in Germany over privacy concerns.
In the same vein, the U.S. Federal Bureau of Investigation (FBI) issued a warning last July, noting that many smart toys have been rushed to market without sufficient attention to security.
The FBI urged consumers to consider how the privacy and safety of children might be at risk due to the ‘large amount of personal information that may be unwittingly disclosed’ through playing with internet-connected toys.
But IoT threats extend far beyond snoop dolls. Research in 2015 uncovered a vulnerability in which attackers could steal users’ Google log-in credentials by hacking a Samsung smart fridge.
That same year, a husband and wife research team revealed they could subvert a TrackingPoint computer-assisted sniper rifle via a smartphone app and Wi-Fi connection. Though they couldn’t make the gun fire (the trigger still had to be pulled), they could nonetheless cause it to miss its target or turn off its scope.
In other recent examples of IoT threats, the Blueborne and KRACK vulnerabilities discovered in 2017 raised the specter of attackers taking over Bluetooth devices or stealing data from Wi-Fi connections, respectively.
Further, IoT devices have become the new minions in distributed denial of service (DDOS) attacks against companies and governments.
For the most part, consumers must fend for themselves to ensure their IoT devices are secure and as hack-proof as possible. That includes paying attention to consumer product alerts and installing security device patches from device manufacturers.
Nonetheless, people are increasingly willing to trade convenience even at the risk of more invasive privacy intrusions.
Personal assistants such as Google Assistant, Apple’s Siri, Microsoft’s Cortana, and Amazon’s Alexa are embedded in smart devices, and are always actively listening for prompts to engage with consumers.
Customers can disengage active listening, but in practice few do, as that subverts the always-on experience they come to expect.