For better or worse, technology is taking over. And I don’t mean in the obvious “everybody is connected to their smartphone” kind of way. Rather, in a more holistic and invasive way, we are letting technology reach and control every little aspect of our lives. We trust it to perform daily tasks for us, like unlocking the doors to our houses, or turning on the shower and setting its temperature. It all seems to be very convenient and oh so cool, but imagine the back stage of this entire operation. Imagine what kind of processes and information your devices store in order to perform those tasks, what they need to be connected to, and who really controls them in the end.
The first footprints of smart homes were surveillance cameras. Many of us loved the idea of watching our home remotely to assure nothing suspicious was going on. It wasn’t discussed back then that this so-called “security device” is actually a threat itself.
“IoT brings many benefits to our life. But we all should be aware of the risks in place, keeping in mind the need to protect ourselves and avoid becoming victims to cyberattacks.”
So many questions must be asked before installing such devices all over your home. Is this manufacturer trustworthy? Who else might control those cameras other than me? During our ethical hacking operations (penetration tests), we hacked home cameras from all over the world. We were able to watch people walking around their houses doing whatever, all the while thinking they are in their safe private zone. On top of that, you won’t believe the amount of data that these devices are sending to their corporate headquarters somewhere on the other side of the planet.
Cameras are the least of our problems today. Imagine losing control over your home’s front door and not being able to enter it. Even worse, imagine attackers taking control over it and gaining full physical access to your home.
Some houses have their entire kitchen connected; the refrigerator, oven, and toaster are able to send information and receive commands from a remote server. Interrupting this communication and manipulating it to cause unexpected behavior is a hacking skill, and it’s possible to do so in many ways. The most obvious way is simply taking over the owner’s cellular phone, remotely or physically, which enables the attacker to make the kitchen “go crazy” and overheat, waste electricity, or even catch fire.
Connecting our private devices to the internet, what we call the “internet of things” or IoT, means sharing our private information. It means trusting something or someone outside of our home to handle our devices properly – without causing any damage to our devices, to our houses, and most importantly, to ourselves.
As we add connectivity, we enlarge the attack surface and expose ourselves to several kinds of danger. Imagine the control that a malicious stranger with the necessary hacking skills might gain by taking over the technology that manages the victim’s life.
So what do I suggest? Suspicion is the first protection I would recommend. Ask questions and research the technology that you intend to let in. Try to imagine the worst-case scenario of technology gone wrong. Validate the security measures that the manufacturer already thought of, and make sure to activate them, like changing the default password or enabling encryption.
Two-factor authentication (2FA) is not very convenient but super important in making sure your account is protected from hijacking. Ensure that your device can take orders from you alone and that no one else can manipulate it. Search for public content that a stranger might learn about you and block it. Make sure to have remote control over your devices to properly handle cases of loss or theft. Since most of our connected devices are controlled by applications on our smartphones, protecting it is vitally important. Most importantly, choose a secure hardened framework, and stay away from social manipulations that try to hack your phone through malicious messages and infected links.
IoT brings many benefits to our life. But we all should be aware of the risks in place, keeping in mind the need to protect ourselves and avoid becoming victims to cyberattacks.