Caveat Emptor: The Internet of Things (IoT)

smart-home1It’s the hottest thing going today. All your devices connected to the internet — and to you. And, to everyone else!

Yes, your new devices that are connected to the internet are a great convenience. Turning on your lights from your smartphone. Getting messages from your refrigerator when you need resupply. Home security systems with cameras and internet reporting. That Wifi connected baby monitor. That activity monitor that you upload data to every day about your fitness activities (some companies terms of use allow them to not only retain that data, but provide it to others!).

Walt Manning, a security expert and investigator, provides some insights into the IoT via his presentation at the Government Identity Fraud Conference in March. He notes that we already have more than 25 million devices connected to the internet. And by 2020 (only a few years away) this will double to 50 million! Ultimately, it is expected that the average house will have 100 devices connected to the internet.

Moreover, almost none of these devices are secure. On average, Manning reports, each device has 25 security flaws, and none of them are truly secure. This explosion of connected devices will have 5-10 times the impact that the internet currently has on the security of data.

Because, for all of the convenience of connected devices, we pay a price. That price is data; information about ourselves and our activities is recorded in logs somewhere. Everything. And to compound this problem, so far, every connected device has security flaws. So, someone, somewhere is storing all that data about you. And, that information is also readily available to anyone who wants to hack your systems.

So you want that information available to just anyone? Where is it stored? With what security? Is it encrypted? Do you even know? And, what are “they” allowed to do with that information?

There are some things you can and should do to protect yourself. For it’s a clear conclusion that the convenience of these devices is winning over security. So, some suggestions:

  1. Most devices will connect via your home Wifi router. Make sure it is passphrase protected.
  2. Check the terms of use with your internet provider. What do they say about providing data to others? Remember, they record everything that happens over your connection!
  3. Research each device and company before you buy. Do they have secure systems? Where is the data stored? Are they allowed to give that data to others? Under what circumstances? Read the Terms of Use for everything (I know, you won’t, but I have to tell you anyway.)

If your research demonstrates the device has little or no security, and/or data will be provided to others without your permission, look elsewhere. We ARE going to buy this stuff — it’s just too cool and too convienient not to. But, we neeed to protect ourselves with some simple research into the products we buy, and buy smart (pun intended!).

a891b87d092047e4a85da861a68c0d58Again, thanks to the good folks at the ITRC and LexisNexis Risk Solutions for the conference and to Walt Manning for his great presentation on the Internet of Things ans security — some of their information is included in this article.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s