As I browse the aisles of Home Depot and Lowes, it’s quite impressive and, at the same time unsettling as an IT Security Professional to see the increasing amount of IoT (Internet of Things) devices being developed and offered to target the “Smart Home.”
As we roll through the holidays, we are going to see an overwhelming number of gifts and items that will have a connection to the internet and, most importantly, connection points to our home networks. The age of the Smart Home will only continue to grow as we are constantly adopting new devices like biometric and smartphone enabled locks, Wi-Fi lightbulbs with geo-fencing features to automatically turn them on or off based on your physical location, fire and carbon monoxide detectors that can interact with your iTunes play list and contact list, and thermostats that can sense when you are home or if you are on vacation. The list continues to grow as the market provides more convenience to the consumer, increasing the devices and IP addresses on home networks and raising the level of risk and vulnerability to outside threats.
"We estimate that only one percent of things that could have an IP address do have an IP address today, so we like to say that ninety-nine percent of the world is still asleep," Padmasree Warrior, Cisco's former Chief Technology and Strategy Officer, told the Silicon Valley Summit. "It’s up to our imaginations to figure out what will happen when the ninety-nine percent wakes up."
The IoT Takeover
There is a convergence between the online and offline worlds as more and more things become internet enabled, further blurring the line between the two. Every device that becomes part of the IoT (Internet of Things) will have a digital life, and with that comes an amazing amount of valuable data. That life’s worth of data will be sent to Big Data aggregators to better categorize consumer habits. It will then be sold to marketing firms willing to pay big money to learn how to better market to you based on your buying behaviors.
With that knowledge, companies will better understand your spending habits, moods, eating habits -- both good and bad -- and essentially everything about you will be sent to the algorithmic AI (Artificial Intelligence) in the cloud. This AI, such as Amazon.com’s “Weak AI (Artificial Intelligence)” can then make recommendations based off of previous purchases. Other than providing buying behavior data, what else can we expect from these internet enabled devices for our Smart Homes?
We anticipate there will be a vast amount of health and safety benefits that the “Smart Home” will provide. For example, helping to manage long-tem health issues such as dementia, autism, or diabetes. We may even see population health management using fitness trackers, heart rate monitors, and other “wearables,” all of which will have access to and integrate with your new Smart Home.
The Dark Side of IoT
But as we know, with all things, there is the “Ying” and the “Yang.” For every benefit and convenience, there are bad people that would exploit the vulnerabilities of these systems and the unwary families jumping into the new home of the future first envisioned by “The Jetsons.” One particular Cincinnati family as reported by Fox19 back in 2014, purchased a Nanny Cam equipped with Wi-Fi connectivity, a camera with full pan features and bi-directional microphone. The family was horrified to hear a man’s voice screaming through the microphone to wake the baby and upon coming into the room the camera turned towards the father and the same voice started screaming obscenities at him. In this case the hacker made himself known, but there are thousands of security camera streams that hackers post on the internet for easy access where the camera owner is unaware.
The “Internet” that most people think of and access through their Web Browser makes up roughly 2% of the Internet’s data, the other 98% is known as the “Darknet” or “Deepnet” accessed through TOR routers or not-so-common applications for browsing sites that will not turn up results through Google. There are droves of online photos and video streams accessible on the “Darknet” or “Deepnet” of compromised video feeds, security vulnerabilities and more sinister content.
A Systematic Approach to IoT
We need to think about security before we go rushing into the Jetson era and forever opening the digital blinds of our Smart Home, where logging off for the night is not an option. The most prudent course of action is to avoid IoT devices. But, if you feel compelled to adopt the latest tech, be thoughtful about where you install devices with cameras, microphones and motion sensors. And be sure to read the End User Licenses Agreement (EULA) for any device, service or app you are considering so you know what they can do with your data. Times are changing and there is no stopping the exponential growth in the amount of data collected.
Do we want our thermostat telling others when we’re away on vacation? Do we want our refrigerator transmitting data about how much bacon or ice cream we’ve eaten? As a society, we need to discuss how the advances of technology can impact privacy and security. Is it worth trading our privacy for convenience?
So this Christmas season as you’re relaxing in front of the TV and looking for a classic movie to watch, be sure to stream Minority Report, Enemy of the State, Eye in the Sky, or Terminator. Will these films remain Science Fiction or become Science-Fact? Before we know it, when we look up at that light bulb in our homes, our cars, or on our street lights, it’s going to be looking back down at us.
About the author:
Derrick Whisel has worked in IT for over 20 years, with extensive experience in project engineering, management, scoping, budgeting and design. He began his career in the military, and after being honorably discharged as an IT2 Second Class Petty Officer, moved into the private sector where he now works as a Security Solutions Specialist for Internetwork Engineering. Connect with Derrick on LinkedIn.