I’ve been reading a lot lately about the “connected home” and it is causing me mixed feelings from an information security perspective. I’ve always been very interested in what technology can do and appreciate the cutting edge of technology. I enjoy most of the new technology “toys” … when I can justify and afford them.
Many years ago I paid top dollar for a programmable thermostat, justifying the purchase by stating that it would save up to 30% on our heating and cooling bills and therefore pay for itself in short order. Maybe it did and maybe it didn’t, but it was complicated and I never really figured it out. Programming this fancy gadget was much more difficult than walking over to the dial-type thermostat and changing the temperature manually. Fast forward and I was an early adopter of an internet-connected thermostat that I can control remotely. It’s so cool!
Now we have the ability to connect almost anything at our homes to the internet and control them remotely. We install internet-connected motion sensing cameras, internet connected lights, door locks and even appliances. My television also connects to the internet. Samsung TVs in particular now have voice recognition and you can speak to them … no more searching for that lost remote. LG has released its Smart ThinQ refrigerator that must be connected to wireless internet in order to work. It was reported that at least one of these “smart” refrigerators played a role in a distributed denial of service attack impacting more than 100,000 internet connected devices and resulted in more than 750,000 spam emails. Welcome to IoT (The Internet of Things). Another new product has been released called “Hello Barbie” that is internet connected and is programmed to require a constant connection to the Internet. It records conversations and stores that information in the cloud. Apparently there is no ability to opt out of this functionality.
Since my focus is on information security, my concern is that these companies may not be spending adequate time considering security challenges. I fear that the ever increasing connected devices will quickly become a path for cyber attacks and identity theft. I’m concerned that many devices can be hacked remotely and gain the ability to spy on us and gain our personal information. These concerns have been proven to be true with many connected devices. So, while these internet connected devices are very interesting and can provide fascinating functionality, I suggest it is prudent to be very cautious when installing these devices with an understanding of the risks associated with them.
This blog was authored by CBE’s Security Team.