Internet connected ‘smart’ devices are stupid about security
A growing dependency on network-connected technologies is outpacing the means to secure them.
NEW YORK — These days, it’s possible to use your smart phone – and sometimes just your voice – to control everything from your TV to your lights, your thermostat and shades, even your car or medical device. (At least, once you have gadgets that can listen.)
But the WikiLeaks allegation that the CIA commandeered some Samsung smart TVs as listening devices is a reminder that inviting the “Internet of Things” into your home comes with some risk.
How safe are your connected devices? Experts say tread carefully, but don’t freak out.
A GROWING INDUSTRY
Connected devices are unquestionably popular. Research firm Gartner expects there to be 8.4 billion connected “things” in use in 2017, up 31 per cent from 2016. By 2020, this number could reach 20.4 billion, with smart TVs and digital set-top boxes serving as the most popular consumer gadgets.
For businesses, meanwhile, smart electric meters and commercial security cameras are expected to be the most popular “internet of things” products.
Such gadgets are convenient, but they can present easy targets for hackers. In October of 2016 hackers seized control of webcams and digital video recorders and recruited them into internet “botnets” that launched denial-of-service attacks against popular websites such as Netflix and Twitter, forcing them offline for some users.
There’s a growing call for regulation to secure connected devices, but it’s unclear whether this will happen. Last year, the Department of Homeland Security released a report describing runaway security problems with devices that recently gained internet capabilities, a collection that includes medical implants, surveillance cameras, home appliances and baby monitors.
“The growing dependency on network-connected technologies is outpacing the means to secure them,” Department of Homeland Security Secretary Jeh Johnson said at the time. This, of course, was during the Obama administration; more regulation so far appears unlikely under President Donald Trump.
Forrester Research analyst Josh Zelonis said consumers can’t wait for the government to fix things. Instead, he said, people have to demand that manufacturers are accountable for the security of their products and that they support the products throughout the product’s lifetime, not just when it’s sold.
Which, of course, is far easier said than done.
One problem: Many people don’t realize they have to secure connected devices with passwords like they do with computers. “People don’t think of a TV or a camera as a computer and that’s all it is,” said Gartner analyst Avivah Litan.
If a device comes with a default password, it needs changing the moment you hook it up. Similarly, your Wi-Fi password shouldn’t still be the one it came out of the box; it needs a hard-to-guess passphrase to ensure that it can’t be easily hacked.
Another problem: Cheaper devices from no-name companies also pose more of a security risk. While big companies like Apple, Amazon or Samsung can patch up security holes as soon as they find them, smaller companies don’t have the resources – or, sometimes, the ability or willingness – to do so.
“Bigger companies typically have more resources and more to lose, so they are typically more secure,” said Patrick Moorhead, analyst at Moor Insights & Strategy.
Password-protecting most connected devices, though, should go a long way toward ensuring they won’t be used to take down Netflix.
“Don’t buy from smaller vendors,” Moorhead said. “Don’t buy devices that don’t encrypt data everywhere.” And change the password if you can.