Why Your IoT Security Matters
Last Updated: August 23, 2016
By Mir Ubaid
Are you overlooking the most important aspect of your interconnected life?
While the future of the Internet of Things (IoT) looks promising, it does come with security concerns. Antivirus giant Kaspersky Lab wrote about IoT, referring to the field as the “Internet of Crappy Things,” after its experts hacked various devices. In its report on IoT, HP says 80 percent of devices it tested raised privacy and security concerns.
As more 'things' connect to each other, the amount of data traveling between sensors on these devices will also inevitably increase from your smartphone to smartwatch, laptop to cloud servers. Because of that increasing connectivity, keeping your data secure, and increasing your IoT security, is more important than ever today.
What devices are at risk?
Popular brands like FitBit have been hacked, as demonstrated by a researcher at a European security conference. The hacker used a Bluetooth connection, exploiting a FitBit Flex while only ten feet away.
Kaspersky expert Roman Unuchek also hacked a fitness tracker, allowing him to monitor and download the user's location. Symantec, popular for its Norton antivirus software, says that “all of the wearable activity-tracking devices examined, including those from leading brands, are vulnerable to location tracking.”
Smartwatches are hardly any better, with users often able to get into accounts by simple password resets, according to HP. The tech giant found all smartwatches made by well-known manufacturers contained “significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.” Once hackers have access to a user's account, gathering personal information such as name, address, date of birth, weight, gender, heart rate and other health information is simple.
There are security concerns when it comes to your cars as well, with manufacturers introducing new wireless features that let users connect through smartphones, smartwatches and other wireless devices. A professor at Hiroshima City University in Japan even claimed to have hacked a car by using a smartphone.
Speaking of smartphones, an Israeli technology firm recently invented a device which can hack a nearby Wi-Fi enabled smartphone. Known as InterApp, the system quietly collects details including email addresses, passwords, photos, locations and even browsing history. Rayzone Group says the product was not developed for hackers but for intelligence and law enforcement agencies.
Security measures now, and in the pipeline
In 2015, the Federal Trade Commission (FTC) came out with a report urging companies to build “security into their devices at the outset, rather than as an afterthought.”
The agency wants companies to conduct a privacy or security risk assessment, and minimize the data they collect and retain, while also testing security measures before launching any products. The Commission also says its staff will “continue to enforce laws, educate consumers and businesses, and engage with consumer advocates, industry, academics, and other stakeholders involved in the IoT to promote appropriate security and privacy protections.”
IoT poses a “number of security risks,” FTC chairwoman Edith Ramirez told an audience at the Consumer Electronics Show last January. Further, Ramirez says, “some of the developers entering the IoT market, unlike hardware and software companies, have not spent decades thinking about how to secure their products and services from hackers.”
The Open Interconnect Consortium (OIC), launched in 2014, is working to build trusted and reliable guidelines for connectivity between things, and includes major companies like Samsung, Cisco Systems, Intel and General Electric.
But Daniel Dimov believes IoT sellers and producers should actually be bound by strict laws to protect consumers in this area. The Internet law analyst and author of Privacy and Security of Modern Technology says manufacturers should be forced to take strong security measures, and explain to consumers, in simple language, how to protect themselves as well.
“Consumers know, for instance, that a smart thermostat is gathering information about their heating habits, and that a fitness band is collecting data about their physical activity,” Ramirez said. “But would they expect this information to be shared with data brokers or marketing firms? Probably not.”
The good, bad and the ugly
Some devices bring a greater risk of security issues than others. Understanding how much data is created — and stored — by each device creates a better sense of where yours falls in the spectrum.
A fitness tracker may only store your physical attributes and health. But a smartwatch can hear and understand your voice, track your sleep, store and track your location, and monitor your email, in addition to the features found in fitness trackers. This creates a higher security risk for a smartwatch, as hackers can gain access to more data. Traditionally, desktops and laptops have been the target of such attacks. Today, as smartphones and tablets handle tasks that were only possible on computers, that focus has shifted.
You might also want to factor in the country where you bought your device in order to fully assess its security strength. In several countries, producers of IoT products are not obligated to ensure the data stored on them is protected.
“In those countries, the producers have only one goal, producing products at as low of a price as possible,” explains Dimov. “Hiring highly educated information security specialists will significantly increase the production costs. Therefore, such producers prefer to skip the long security checks that need to be conducted for ensuring reasonable information security of the devices.”
(Note: To learn more about how to secure your mobile devices, check out GearBrain's 8 Ways To Secure Your Smart Mobile Device.)