With the rise of interactive and intelligent everyday items, concern surrounding the power these items may hold over us can arise. The fear is that, in the hands of hackers, advanced internet connected appliances could act as spies. Although most people may not be at risk of being watched doing anything more thrilling than the washing up or feeding the pets, the thought of a breach to your security and privacy and a helpful household object watching you without your knowledge is an unsettling one.
This concern does not simply stem from paranoia; the threat is a reality as some devices have been found to be fitted with spyware or with features vulnerable to hacking. A group of researchers from Positive Technologies uncovered security vulnerabilities in smart vacuum cleaners. Dongguan Diqee 360 vacuums contain elements such as a microphone and a night-vision camera. By merely acquiring its MAC address, a hacker could share the wireless network of the device, and then send a User Datagram Protocol request, potentially giving them the ability to control the functions of the vacuum. Logging onto the device is relatively simple as a lot of devices may still have the default username and password combination.
These vulnerabilities are not exclusive to the Dongguan Diqee 360 vacuum cleaners; there may also be issues of vulnerability that affect other IoT devices using the same software. Hackers may also target outdoor surveillance cameras and smart doorbells according to the Positive Technologies research team. Video and microphone access maximises the hacker‘s invasion into our private lives as they can obtain information from what they see us do and what they hear us say. Depending on the position of the IoT devices (some of which can navigate themselves around the household), the hacker could obtain your bank details by watching you use your bank card or use the information you disclose unknowingly to your household gadget to blackmail you. Although these are worse case scenarios, once a hacker has a window into your home, anything the often misleadingly cute looking gadget’s microphone or camera can capture is theirs for the taking.
Although we all assume ‘it will never happen to me’ – that attitude leaves us even more vulnerable and unprepared for a violation of our privacy. Imagine the questions you ask your home-bots to save yourself the effort of searching the web are recorded for sinister purposes, and now the hacker with access to your device knows what your interests are, and they can choose to exploit this.
What can we do to protect our IoT devices
It is essential that if people are bringing IoT devices into their homes, they are educated about the risks to protect themselves and their internet connected household items from hacking. A way to improve the security of IoT devices is to give the subject greater coverage in the media to spread information and warnings regarding the technology. Additionally, manufacturers can guide their customers on how to protect their IoT products, and in turn, themselves. A solution currently being considered for implementation in Europe is an “IoT Trust Label” to be placed on items to assure security, encourage transparency about the devices and their functions, and importantly, establish a degree of protection from surveillance. For example, if the customer is informed about the product and its abilities, and how these abilities could be exploited, they can make sure they maximise the security of their device. For instance, customers can ensure they do not leave default settings vulnerable, such as the login details required for access to the Dongguan Diqee 360 vacuums.
There is a widespread assumption that if a company’s product is reported to have flaws, it is a disaster for the company, but with IoT products, reporting and investigating failures or incidents with the technology could help to increase the standards of the products and improve security. So keeping this in mind when purchasing products is vital as you could help other owners/future owners of IoT items if you make a product’s flaws known. For example, Positive Technologies’ research into the vulnerability of the Dongguan Diqee 360 vacuums has opened up a conversation about IoT security, and this conversation will inevitably lead to improvement within the company’s manufacturing of the vacuums, as well as educating other manufacturers.
Although IoT is not yet highly regulated in the UK, there are associations made up of tech and engineering industry professionals that research IT security and monitor advancing technology. One of these associations is called the IEEE (Institute of Electrical and Electronics Engineers), and they have begun to look into IoT technology. The IEEE look into IoT system architecture, IoT network coding, IoT demands, sensors technologies, smart cities, and more. And as long as such organisations continue in their research, manufacturers must continuously check the standards of their products to appease such bodies, and in turn, improve the IoT technology that is taking over the home appliances market. With organisations and manufacturers working together to ensure the security of IoT devices, the opportunity for hackers to infiltrate our homes is less likely to arise.
With the right procedures put in place during development, in distribution and after the customer takes the product home, the likelihood of hosting a spy in your home is significantly decreased. Never be afraid to look at your IoT vacuum cleaner or smart doorbell with suspicion!