Since I work in IT, a colleague sent me this recent Raconteur article, “Is your washing machine a security risk?”. I laughed and opened it, routing through Apple TV onto my 55-inch Sony for easy reading.
After the first few paragraphs, I thought about shutting off the TV. Why? Because writer Stephen Armstrong’s piece makes a compelling case: The Internet of Things (IoT) exposes smart homes to cyber-attacks.
It cites a scene from the hacker drama Mr Robot, where a corporate executive is terrified out of her apartment as appliances run amuck—setting off alarms, lights and the stove. Happenstance? No, hacked.
With 30+ years in information technology, I’ve seen plenty of cyber-attacks and attempts, from back-door breaches to all-out assaults. Add to them the occasional oddball hacks, such as Guccifer and Cyberziest.
Knowing the dangers, I’m professionally paranoid—at work and home. Ugly passwords. Cryptic codes. Backups to backups. And of course, two-factor authentication. A must these days.
Even with precautions in place, you can’t help but get your guard up even more after reading this IoT article.
You Lock. iUnlock.
Especially chilling is a quote by Earlence Fernandes, a University of Michigan researcher. He worked with Microsoft to tamper with home systems via the Internet. “The worst-case scenario is that an attacker can enter your home at any time they want, completely nullifying the idea of a lock.”
For every security attempt, there are defenses—apps, patches and firewalls, which elevate as the risks escalate. But the bad guys never sleep, on Netflix or the Internet.
What’s a homeowner, or businessperson, to do? Especially today, where home space and workplace are often one in the same. Here’s a little cyber-sense to keep in mind, wherever you live or work.
To me, it begins by being able to trust the source. Before buying or contracting, vet the reputation of the supplier. Research how well the products and services are engineered for peace of mind.
Does the smart appliance maker build in security? Check. If not, can you install after-market safeguards—whether it’s for a refrigerator—yes, the fridge—or home-energy devices?
Also, how many cross-checks and fail-safes does the service provider have in place? Verify. Wi-Fi or hardwired, iGnorance is no excuse. In fact, it’s counterintuitive to live dumb in a smart house.
For instance, in late 2016, an IoT-driven cyber-attack “shut down dozens of major web sites including Twitter, Spotify and SoundCloud,” according to KQED Radio.
KQED reported: “Security experts say the attackers used a network of easy-to-hack, internet-connected devices like home security cameras, smart TVs and refrigerators to overwhelm Dyn, one of the biggest internet management companies in the country.”
That’s not how it’s supposed to work, tweeted Jeff Jarmoc, Saleforce security chief in a BBC News story: “In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.”
My point, exactly. Too much, too soon. How do you weigh the value of being well-connected vs. too exposed?
Answer: Use good business sense. Keep work devices isolated. Self-contained in their own secure systems. Employ some common sense. Maybe give up a little IoT convenience. So what if you can’t dial on the stove while driving home from work. Why risk getting your household compromised—or dinner overcooked, if traffic jams?
For security to truly work, it must reside everywhere. Halfway won’t cut it. Hackers exploit weaknesses in any system. As news reports show, IoT-enabled products have just as many worries as they do wonders.
Vigilance is the watchword in a virtual world. Without defenses, the Internet of Things becomes the Internet of Trespassers.
Just ask that woman executive who bolted from her apartment. Wonder if she turned off the lights?