The Internet of Things (IoT) is destined to change how we live and work by merging the digital with the physical. But there’s a dark side to this evolution.
The use of IoT technologies in everyday life is creating pervasive threats to privacy and security – threats that have yet to be adequately tackled.
The rapid growth of internet-capable devices is set to create a staggering amount of data that could potentially be intercepted and manipulated.
The US Federal Trade Commission estimates that fewer than 10,000 households can generate 150m data points daily. Even at this nascent stage of the IoT industry, early case studies point up the problems ahead.
In 2015, Mattel’s Hello Barbie, designed to let children talk to an interactive doll over a cloud server connection, was hacked. Investigations uncovered vulnerabilities that allowed attackers to intercept the messages.
A year ago it was suggested a smart doll called My Friend Cayla, which was designed to ask children questions and record their answers, was a potential consumer spy.
Hackers could potentially access the doll via Bluetooth without using a password and then use the doll’s speaker to communicate with children, and listen in on their conversations. The doll has been banned in Germany over privacy concerns.
The FBI issued a warning last July that many smart toys have been rushed to market without sufficient attention to security and advised people to consider how the privacy and safety of children might be at risk due to the “large amount of personal information that may be unwittingly disclosed” through playing with internet-connected toys.
But IoT threats extend far beyond snooping dolls.
Research in 2015 uncovered a vulnerability in which attackers could steal users’ Google login credentials by hacking a Samsung smart fridge.
That same year, a husband-and-wife research team revealed they could subvert a TrackingPoint computer-assisted sniper rifle via a smartphone app and wifi connection.
Though they couldn’t make the gun fire (the trigger still had to be pulled), they could cause it to miss its target or turn off its scope.
Last year the BlueBorne and KRACK vulnerabilities saw attackers taking over Bluetooth devices or stealing data from wifi connections.
Meanwhile, IoT devices have become the new minions in distributed denial of service (DDoS) attacks against companies and governments.
For the most part, people must fend for themselves to ensure their IoT devices are secure and as hack-proof as possible. That includes paying attention to consumer product alerts and installing security patches from device manufacturers.
Nonetheless, people are increasingly willing to accept the risk of more invasive privacy intrusions in exchange for convenience.
Personal assistants such as Google Assistant, Apple’s Siri, Microsoft’s Cortana, and Amazon’s Alexa are embedded in smart devices, and are always actively listening for prompts to engage with consumers.
Customers can disengage active listening, but in practice few do. As people come to rely on these devices more, they need to be mindful of the risk that comes with them.