Are you safe in the Internet of Things? – USA TODAY
The Internet of Things, the popular name for the technology by which devices are connected and controlled over the Internet, is big, and it is only getting bigger. The presently estimated number of Internet of Things devices of 4.9 billion devices is expected to rise to 25 billion by 2020. IBM has recognized the opportunities present in the Internet of Things and earlier this week announced it is investing $3 billion in a new business unit that will focus entirely on developing products and services for the Internet of Things.
What kinds of things make up the Internet of Things? Products include cars, refrigerators, coffee makers, televisions, microwave ovens, fitness bands, thermostats, smartwatches, webcams, copy machines, medical devices and even some sex toys.
So where are you vulnerable? A better question might be where are you not vulnerable?
A study last year by HP Security Research concluded that 70% of the most commonly used Internet of Things devices had serious security flaws with 90% of the devices using unencrypted network service and 70% vulnerable through weak passwords.
A recent report issued by the Government Accountability Office found that the computers that make up the National Air Traffic Control System are vulnerable to hacking. The GAO issued 17 recommendations and 168 specific actions to address security weaknesses in security controls including — what should have been obvious — the need to encrypt sensitive data. The threat here, as noted by New York Sen. Charles Schumer, is that “sophisticated terrorists could even steer planes into one another. The threat of a cybercriminal taking over this system makes your stomach sink.”
In 2007, former vice president Dick Cheney was so concerned about hackers that he had the Internet connection on his pacemaker disabled. In 2013, the Food and Drug Administration issued guidelines for encrypting wireless device communications; however, the guidelines are only advisory and not required by law.
Many people became aware through a recent 60 Minutes piece as to how susceptible cars are to being hacked and remotely controlled. In February, a lawsuit was filed in federal court alleging that Toyota, Ford and GM have all “deliberately hidden the dangers associated with car computer systems, misleading consumers” as well as endangering the safety of drivers. Sens. Ed Markey and Richard Blumental have introduced legislation to require automobile manufacturers to better protect the privacy and security of drivers.
And now a former Tesla intern, Eric Evenchick, has developed a simple credit-card sized device that costs $59.95 and can enable someone to take over the functions of Internet-connected cars. The device was created by Evenchick to help researchers identify security vulnerabilities in the systems of Internet-connected cars, but it also is something that could be exploited by hackers with less lofty goals.
Even vibrating sex toys with video capabilities are a part of the Internet of Things and pose the risk of not only the vibrator being remotely controlled, but video images of the user stolen and used for blackmail.
For its part, the Federal Trade Commission is taking seriously the dangers posed by the Internet of Things. In January, it released a report in which it urged businesses to take greater action to protect both the privacy and security of consumers using products that are a part of the Internet of Things. The FTC urged companies to build security into their Internet of Things devices at the initial development stage rather than as an afterthought in the design process. The report went on to suggest several specific steps for companies to take to better protect the privacy and security of their customers. Among the recommendations is that companies inform their customers and provide them choices in regard to the data collected by the companies through their Internet of Things devices. More recently the FTC has indicated that it is getting ready to regulate the Internet of Things through a new Office of Technology Research and Investigation (OTRI) in an effort to protect consumers’ privacy and security. Among the specific areas it will regulate are cars and new mobile-payment methods such as Apple Pay.
So how can you protect yourself in this brave new world of the Internet of Things?
1. Don’t store personal identifying information on any device. Don’t even use your real name.
2. Use a unique and complex password for all of your devices so that if one is hacked, all of your devices are not jeopardized.
3. Read the fine print and find out what information is gathered and stored by your devices as well as how that information is used by the manufacturer.
4. Your smartphone is the entrance way to your car’s connectivity. Keep your smartphone protected with a strong and unique password as well as anti-virus and anti-malware security software.
5. Change the default usernames and passwords on all of your home network devices.
6. Use and update anti-virus and anti-malware software on your home computer network.
As scary as the Internet of Things may appear, with better efforts to provide security and privacy by companies making these devices and by all of us taking better precautions, the Internet of Things can be made much safer.
Steve Weisman is a lawyer, a professor at Bentley University and one of the country’s leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily update information about the latest scams. His new book is Identity Theft Alert.