IoT Insecurity – The Biggest Consumer Threat Ever?

What is The Internet of Things

The Internet of Things (IoT) is a term you’ve no doubt come across quite often, but it’s one that also causes a good deal of confusion. Wikipedia describes IoT thus:

The Internet of Things (IoT) is the network of physical objects—devices, vehicles, buildings and other items which are embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data.

In simple terms, the Internet of Things refers to everyday objects (or “things”) that are being offered with built-in network connectivity – “things” which hook directly to the internet, all by themselves, without needing a computer to interface with. More often than not, these are things that:

  • Are widely known and commonly used.
  • Were not originally designed or built specifically to be part of the internet.
  • Perform functions that do not normally require the internet.
  • Have worked fine for years without being connected to the internet (but would potentially be more useful if they were).

Typical examples might be cameras, TVs, music players, even fridges.

There has been a lot of heated discussion centered around the potential pros and cons of IoT. Potentially, it could open up a whole new infrastructure of simplicity and efficiency. However, real-world experience to date is telling us a different story.

The Insecurity of IoT

History has already shown us that this technology is prone to abuse – remember the furor over Smart TVs phoning home with more than mere statistical data? As the technology spreads, more and more reports of poor and malfunctioning security are coming to the fore. Just a few days ago, highly respected investigative reporter Brian Krebs published an article titled “This is Why People Fear the Internet of Things” – here is the introductory paragraph from Brian’s informative report:

Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt.

Definitely suggested reading.

This was followed a couple of days later by an equally alarming report from Paul Ducklin at Naked Security called “More IoT insecurity: The surveillance camera that anyone can log into”. Paul’s article is centered around a popular DVR (Digital Video Recorder) which has its root password hard-coded into the firmware. Not only can’t the password be changed but it’s also plainly visible in the firmware. Paul concludes:

Until the IoT market matures and starts taking security seriously, we suggest that you keep these devices segregated on a subnetwork of their own, behind a firewall that only allows you to connect through if you login to a Virtual Private Network (VPN) first.
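One way to implement the segregation Paul describes, shown as an added example that is not from either quoted article: an nftables ruleset for a Linux-based home router. The interface names (`iot0`, `lan0`, `wg0`, `wan0`) and the WireGuard port are assumptions, and NAT for the trusted LAN is assumed to be configured in a separate table.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Assumed interfaces:
#   iot0 = IoT-only subnet (cameras, DVR, NAS)   lan0 = trusted LAN
#   wg0  = VPN tunnel interface                  wan0 = internet uplink

define IOT_IF   = "iot0"
define LAN_IF   = "lan0"
define VPN_IF   = "wg0"
define WAN_IF   = "wan0"
define VPN_PORT = 51820        # assumed WireGuard listen port

table inet iot_segregation {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # The VPN endpoint is the only service exposed to the internet.
        iifname $WAN_IF udp dport $VPN_PORT accept
        # IoT devices may obtain a DHCP lease from the router, nothing more.
        iifname $IOT_IF udp dport 67 accept
        # Trusted LAN and authenticated VPN clients may manage the router.
        iifname { $LAN_IF, $VPN_IF } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections that were allowed below.
        ct state established,related accept
        # Only VPN clients may open connections to the IoT subnet.
        iifname $VPN_IF oifname $IOT_IF accept
        # Trusted LAN keeps its normal internet access.
        iifname $LAN_IF oifname $WAN_IF accept
        # Anything an IoT device initiates (phoning home to the internet,
        # probing the LAN) is counted and logged, then hits the drop policy.
        iifname $IOT_IF counter log prefix "iot-blocked: "
    }
}
```

The `iot-blocked:` log entries show which devices attempt outbound connections and how often, which is a quick way to spot gear that phones home as in the Krebs report.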

These are not isolated instances; it seems that, for the moment anyway, manufacturers are being very lax with regard to the security of these networked items. Even if not blatantly abusing the system, this casual attitude clearly creates a monumental privacy/security risk for consumers. Part of the problem is that these things are often built to a price, with the “cool” factor taking precedence over security.

Much like the database breaches we have been hearing of almost daily, one wonders how long it will take before regulations are put in place, not only to ensure consumers’ security/privacy, but also to enforce culpability on those who are ultimately responsible.

For now anyway, it appears that any IoT device should be approached with a consummate sense of caveat emptor.

 

5 thoughts on “IoT Insecurity – The Biggest Consumer Threat Ever?”

  1. Makes me wonder why people like this ability of having everything connect to the Internet. I have a hard time trusting any wifi connection. Prefer using the wire/cable route. Even place little trust in a cell phone. Must be and sound like a 19th century person, but I place a high value on personal information, which includes who gets to see what, Mindblower!

    1. Hey, sound almost like something I would have written. My auto is unfortunately somewhat computerized (2004 Dodge Grand Caravan) but at least no GPS. Don’t have a smart phone, i-pad or even a cell phone. Also like you, I don’t trust wifi and my computers are cable attached. I do have wifi for my Roku in order to watch Netflix and of course everything I watch goes back to “home”. But even equally as bad is the fact that the website “owners” know a great deal about what I do at their website.

  2. Wow, mate, you come up with some of the most off the wall intelligent ideas for articles. Good reading, more things to ponder. Thanks!!!

    Scary, huh.

    1. Scary indeed Roo. Seems, in many cases, buyers of security cameras need to be aware of who might be watching them as much as who they might be watching.

      Thanks for the kind words mate, appreciated.

  3. Not to mention that one of America’s main intelligence agencies has claimed that it intends to spy on us through the “Internet of things”.

    Come to think of it, indiscriminately using the cloud is also putting cool before security.
