By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Even if you’re not familiar with the term Internet of Things (IoT), chances are you’ve already got a few IoT devices in your home or office. IoT is effectively a device designed to connect to the internet to help improve our lives and increase productivity (think Amazon Echo, or a Nest thermostat). While not all IoT products are as helpful as others (ahem, smart light bulbs), their rise in popularity does mean that we’re increasingly vulnerable to cyber-attacks.
And it’s a problem that’s only going to get worse.
The popularity of these products stems from their ability to monitor activity and respond to behavioral patterns. A smart refrigerator, for example, can remind us if we’re low on milk. We can turn on the sprinkler system in the yard from anywhere in the world. We can monitor security cameras from our phones, or watch YouTube on our smart TVs. We can unlock our front door to allow the dog walker in while we’re sat at the office, and then check the door remains locked after he’s gone. Soon, even your mattress will be connected to the internet, as well as your car—and, weirdly, your trash can.
Most devices of the future will fall under the IoT banner. In 2017, we saw IoT devices top 8 billion, which, to put that into perspective, means that sometime this year they will likely outnumber smartphones. By 2020, experts estimate that we’ll have a staggering 20.4 billion IoT devices on the market.
Some of the most popular IoT devices right now are Google Home and Amazon Echo. As you might have heard, these devices are always listening to you (it’s how they know when to respond to commands). However, not only are they listening, they’re also recording the conversations you have.
Should this freak you out?
Maybe, maybe not. After all, you’ve allowed sites like Google and Amazon to log all your web activity for years. We’re effectively doing the same thing here, except the info is deriving from your voice rather than your browser.
These devices record so much information, in fact, that law enforcement has attempted to use them to solve crimes. In Arkansas, the police tried to use an Amazon Echo in the hopes that it recorded information from a murder scene.
While the privacy advocate inside you is probably dismayed by all this, there are potentially even more alarming things to worry about:
One of the biggest issues we may face is hackers attempting to take control of our IoT devices. This is perhaps not overly concerning for your smart light bulb enthusiast (although it would be annoying if a hacker was to constantly flicker your bedroom light), but for other IoT users, it could pose a big problem.
Think about all of the things you’ve said around your Echo: Take-out orders, your bank account information, phone calls, etc. The hackers—or even researchers—use a high-pitched sound to communicate with the device. The human ear can’t pick it up, but your devices can. In fact, they call this a DolphinAttack. Why? Because dolphins can hear high frequencies. Hackers use the same methods to hack iPhones, Macbooks, and Windows 10 devices.
And do we even need to state the obvious dangers of bad guys hacking into, say, your smart door lock? Or gaining access to the controls of your car (we’ve seen numerous examples of how hackers can do this already)?
This type of hacking is nothing new
IoT devices may be new, but the hacking required to gain access isn’t. Just recently, webcams in our homes started getting hijacked. In this particular case, the hacking was used to attack a business called Dyn, one of the companies that host the Domain Name System, or DNS. When this attack occurred, sites like Netflix, Twitter, Reddit, and even Paypal were affected, illustrating another example of quite how sophisticated today’s hackers are, and that they’re already capable of exploiting your new devices.
Every device that connects to a network has some level of vulnerability. Because of the massive increase in IoT devices, this technology will be on every hacker’s radar as a potential new area to exploit. And with multiple opportunities, all they need is a single, weak point of entry.
There are several ways someone can hack in through a device. For instance, they can get into a network by using a physical attack on the hardware. They can also manipulate the software. Hackers also go right for the network itself.
With IoT devices, it’s foolish to expect total privacy and security. However, there are things you can do to make a hacker’s life more difficult (think of it like adding home security, or putting a “beware of the dog” sign on your fence; it doesn’t make a thief’s job impossible, but in all likelihood, they’ll probably move on to an easier house):
- Use a secure Wi-Fi router — Certain IoT devices may suggest during setup that you connect them directly to the internet, but this is not a good idea. Most of these products were not built with security as a primary focus, so it’s important to utilize the protection of a firewall. Use a secure Wi-Fi router, such as the ones by McAfee, to connect to your devices. These routers contain a built-in layer of protection at the network level, meaning all devices that connects to it (IoT or not) will automatically benefit from its security.
- Update the firmware — The makers of IoT devices are constantly working to improve security threats and will push out new software updates on a regular basis. Via the device’s app or company website, check to make sure all your IoT products are running the latest software available.
- Mute your devices — If you use an Echo or Google Home, you can mute it when it isn’t in use. There’s a mute/unmute button right at the top. This turns the microphone off until you’re ready to use it. You can also erase old recordings: look for “Manage my device” in the app and then delete your history.
There’s little doubt that, as IoT devices become increasingly prevalent over the next few years, we’ll be exposed to new and more advanced security and privacy threats. With 20.4 billion IoT devices soon arriving in homes and offices around the world, this is a threat we can’t afford to ignore.