The Internet of Insecure Things

Share on Facebook Tweet Share Reddit Comment
The Internet of Insecure Things

If you're reading this from home, take a look around and check to see how many devices are connected to your Wi-Fi network right now. One? Two? If you are anything like us, the answer may surprise you. When we sat down to count the number of devices connecting to the Wi-Fi network at our home, we were definitely surprised.

There are two laptops, and two iPads that are used for majority of the work. There is a small netbook which is used to run XBMC, that's connected to the TV. Two old iPod Touch music players are used to stream music and play simple games. Two Android phones also draw data for a variety of uses. And then there are two game consoles - the Playstation 3 and the Playstation Vita, and also one Kindle. One household, with only two people living in it, and twelve devices connected to the Internet.

Agreed, some of this is probably an occupational hazard, but the reality for most people is not too different. The latest Ericsson Mobility Report states that 90 percent of US households have three or more devices pinging the Internet, and while there are no equivalent numbers available for India, we'd hazard a guess that at least in homes with broadband connectivity (admittedly a small percentage of the population), the numbers aren't too different.

That wasn't the case just five years ago, and ten years ago many people were still connecting to the Internet via a wired connection that wasn't shared across devices. Today though, we'd probably give up on chocolate before we decide to forego Wi-Fi.

(Also see: Teenagers Prefer Smartphones to Sex: Study)

And you might have noticed that this list does not have a single smart TV, connected appliances (such as a smart fridge or washing machine), smart utilities (lights, air conditioners etc) or smart security (IP cameras and locks). All of these devices can be connected to the Internet and the computers in our routers and our smart-devices are often as powerful as our PCs were in the early 90s. The future - or increasingly the present - where these devices become connected is often called the Internet of Things (IoT).

"That [IoT] is a pretty big term for pretty much anything," says Su Gim Goh, Security Advisor Asia for F-Secure. "From your watch to your washing machine to your toaster to in-car navigation, these devices all have their own operating system, and they are all connected."

When we started logging on using our computers, we realised exactly how much of a security nightmare the Internet could be. In many ways, the present day scenario is even scarier. The PC operating systems, as insecure as they could be at times, were being made by companies like Microsoft and Apple, whose primary business was making computer software and shipping updates. But are appliance makers equipped - with either the mindset or the resources - to properly secure the Internet of Things?

"I don't want to point any fingers," says Goh, "but for most of these products the companies are not security-focused. They focus on the main function - like turning on the lights, or measuring your sleep - and are often weak on security. And of course, users don't even change the default security settings."

Have you changed the password on your Wi-Fi router recently? Or ever? A very informal and unscientific poll told us that the answer to both those questions in most cases was, no.

Depending on the model you're using, your router is probably accessed with the username "admin", and the password "password". That's a popular default setting across a number of different products, and one you're supposed to change as soon as you can. But since many of us don't install our own routers, trusting the ISP to take care of all the details, it's probably never been changed even once.

"Companies should make security the default," says Goh. "Right now, you get a product and all the functions are set up, and then it asks 'hey, do you want to change your password?' It should be that you need to change the password first, before you can use the device."

This is pretty bad, but it's still not the worst thing possible because at least people need to be able to connect to your network before they can connect to your router. How would you feel about a Web camera that anyone can watch and control?

That's what often happens with Internet connected security cameras - the site Insecam collects a list of security cameras that are connected to the Internet for remote use, whose owners never bothered to change the default password. In case you're wondering, there are around 100 cameras that are listed from India alone. Clicking on a feed on the site shows you the latitude and longitude of the camera as well, in case you'd like to visit any of these locations - this restaurant's kitchen got us hungry enough to want to find out where it is.

insecam_still.jpg

Part of the problem is that many people don't see why this as a serious enough problem. Everyone will think twice about giving access to their phone or laptop to strangers, but what's the worst someone can do if they can access our refrigerator? They'll be able to see what recipes we use, or how many groceries we buy? Big deal! And if someone has access to a smart light, they could be used to play a prank such as switching the lights on in the middle of the night. Is that really a problem?

Well, aside from the fact that lights that turn themselves on and off without warning in the middle of the night might cause a heart attack, there are a lot of ways in which this is a risk.

For one thing, there's the possibility of thieves tracking your movements to plan when to rob your house. That might sound far-fetched, but four years ago we were already seeing reports about thieves who used Facebook to do exactly this. Or sample something less dangerous but still damaging. What if someone maliciously controls your air conditioner, running it at full power every day when you're not at home, driving up a huge electricity bill? You wouldn't even know something like this was going on until it was too late.

When you consider the kind of information that our connected devices will be gathering, the likeliness that they will be targeted by hackers is huge - we're already being stalked across the Internet. Connected devices will bring that to the real world as well.

"Ten years ago, people laughed when we put F-secure on phones," says Goh. "I believe that we're going to be active on Internet of Things devices, and soon."

With each additional device that is connected to the Internet, we increase our vulnerability, but this doesn't mean that people should shun the Web, or smart, connected gadgets. It just means that we need to start being more careful about our own personal technology products, and step one is to change the passwords away from the default settings.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Karbonn ST72 Voice-Calling Android Tablet Launched at Rs. 6,248
Deregulation at Heart of Japan's New Robotics Revolution
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.