We’re living in homes and buying toys that are connected but how well-protected are they from hackers? As we get more and more connected, concerns about cyber security are increasing.
Peter Nowak, Toronto Star
Internet-enabled devices are quickly making homes more connected and intelligent, but it’s not the “smarts” of the domiciles themselves that worries security experts — it’s whether or not their owners are applying any when buying and using such gizmos.
“The consumer doesn’t look at any of these devices and see risk. They’re unaware there’s any issues with them to begin with,” says Robert Siciliano, a security expert and head of Boston-based BestHomeCompanys.com. “It’s only when they find out about them that they deal with them, if at all.”
Smart home products and the larger so-called internet of things are promising a wealth of new capabilities and features — from controlling temperatures on a phone or allowing access to a property remotely — which is why they’re exploding in popularity.
Growth in the Internet of Things also increases security risks
More than one in five households already use mobile devices or apps to remotely access or control devices within the home, according to the U.S. National Cyber Security Alliance. That percentage is set to grow dramatically around the world, with the number of internet-connected devices expected to hit 50 billion by 2020, according to a trend forecast from Cisco and DHL.
But while home monitoring cameras, digital bathroom scales and even connected toys offer additional conveniences and abilities, they’re also delivering new potential threats. The hazards, security experts say, can range from creepy to downright disastrous.
In July, for example, Ontario Provincial Police warned families using internet-connected baby monitors to be cautious after one couple discovered strange voices and music coming from their device. Boston-based security research firm Rapid7 found that several brands of monitors were easy to hack after similar incidents in the United States.
Last week’s data breach of children’s toy maker VTech also has experts warning about playthings such as Mattel’s new Wi-Fi connected “smart Barbie,” a doll that uses cloud-processed artificial intelligence to talk back to children. Like the baby monitors, such toys can ultimately be used to spy on kids.
Weakly protected devices can also act as Trojan horses that allow criminals access to other gadgets in the home or even users’ identities and financial accounts.
A number of recent situations outside of homes highlight the potential dangers. On several occasions this past summer, U.S. researchers hacked into Jeeps and Corvettes through their infotainment systems and took control of steering and brakes.
The Federal Bureau of Investigations also banned a researcher from commercial flights earlier this year after the man claimed to have accessed plane controls by hacking into entertainment systems.
Security cameras, bathroom scales and toys introduce the same sorts of risk to the home.
“A criminal [can] bridge from the device itself to, say, a desktop computer that’s connected to that same wireless network,” Siciliano says.
The first step consumers should take to prevent such problems, experts say, is to ensure their Wi-Fi routers are secure. Strong passwords are a given and users should ensure the firmware — the permanent software that powers gadgets — is routinely updated with the latest security patches.
Most routers are remotely updated by internet providers — Bell and Rogers, the two biggest ISPs in Ontario, say they do so automatically — but consumers should check regardless. Users are going to have to start being mindful of their gateway to the internet if they’re going to connect everything in their home to it.
“For most people, the router is that little device that sits on a shelf somewhere that blinks away and collects dust. But routers need updates as well,” says Michael Kaiser, executive director of the National Cyber Security Alliance. “People really have to pay attention in this space as they start to hook things up.”
The same goes for every device that connects to the router itself. Some manufacturers routinely discover and patch vulnerabilities by automatically pushing updates to their products, but the recent hack examples show many companies are still lax in their approach to security.
Standardization and government regulations may eventually be applied to smart home devices and the larger internet of things, but for now policy-makers are taking a hands-off approach for fear of squelching the many benefits that device makers may cook up.
When it comes to the smart home, users are therefore going to have to get more intelligent than their devices.
Hackers remotely seize control of a Jeep Cherokee with an internet-connected computer, turning on wiper blades, radio volume and air conditioning. Fiat Chrysler later issued a software patch designed to defeat the hack.
VTech’s server breach is one thing. But Barbie herself is another potential target for hackers, according to one U.S. researcher. Hello Barbie, Wi-Fi enabled, has a microphone to record children and respond, via a third-party company. The researcher found it was easy to get access to the account information associated with the doll, as well as the microphone, as a potential eavesdropping device.
The U.S. Food and Drug Administration warned health care facilities to stop using the Hospira computerized pump, which delivers medicine continually to the bloodstream. The pump communicates to the hospital’s information system, which in turn is connected to the wider Internet. Not that anyone apparently did, but they could theoretically alter medication levels in patients.
More than 100,000 “smart” gadgets were part of a massive spam email campaign in late 2013 that saw 750,000 junk messages sent out, compromising computers, home routers and smart TVs. The malware responsible installed itself on smart appliances like fridges and connected TVs. Beyond the nuisance of spam, the attack also suggested hackers could get access to any personal data stored on the smart device, such as credit card numbers.
Source | TheStar.com