Beneficial technology sometimes has unintended consequences. Sometimes products or services that make life simpler or more convenient also puts us at greater risk. As more devices monitor and track our lives, they also gather copious amounts of personal and sensitive data that could be compromised or exposed. The potential attack surface is exponentially greater when almost everything you touch is somehow collecting data or gathering information about you.
The Internet of Things
The Internet of Things has awesome potential. A thermostat, for example, is a simple device. It’s also a dumb device, more or less. It monitors the temperature of its immediate surroundings and triggers the air conditioning or heat to kick on when necessary to maintain a comfortable environment. But you don’t really need your home to be cooled or heated when you aren’t there.
So vendors came along and created a thermostat smart enough to track you, learn your patterns, and optimize your climate control for maximum comfort and efficiency. The trade-off is that these devices “know” when you’re home and when you’re not. If a burglar hacks into that data, they’ll be able to determine when the house will be empty.
Smart thermostats are just one example, though. Smartphones, wearable fitness devices, Internet-enabled refrigerators, and connected vehicles are all designed to optimize your experience and enhance your life in some way. But in order to do so, these devices and technologies must learn and know things about you. That is the second universal truth of technology: The more information you’re willing to share, the better your experience will be.
Consider the vehicles being produced today. Most have GPS navigation of some sort, and some take it a step further with active monitoring systems. The car knows where you’ve been, where you are, what direction you’re going, and how fast you’re driving at any given moment. That’s great if you get in an accident and a service is able to dispatch emergency response automatically. But what happens if the police start tapping that data to issue speeding tickets, or a divorce attorney can subpoena your vehicle’s location data to prove where you were at a given point in time?
There’s a more insidious facet of having a connected vehicle, as well. If your car is capable of monitoring its environment to apply the brakes and prevent an accident even if you don’t react, it could also be hacked with potentially dangerous consequences. Security researchers demonstrated last year that it’s possible to hack vehicle computer systems remotely and control critical functions like braking and acceleration. Imagine driving down the street and suddenly losing control of the steering, braking, or acceleration of your vehicle.
There are a few problems with our increasing connectedness. First, security is generally not a top priority when developing new devices or services. Security is a burden. Security is an afterthought. But a device that runs code and connects to the Internet in some way is at risk of being hacked or compromised, so security must be a top concern. To be effective, security has to be woven into the code from the very beginning. Adding security after the fact is like gulping down a tablespoon of ketchup after you’ve already eaten a hamburger.
The second problem is that many of these new Internet of Things gadgets don’t even have any direct user interface and are not capable of running any sort of security or anti-malware protection. If the security wasn’t built in at the beginning, there is little that can be done to protect the device after the fact.
Finally, shady hackers trying to exploit your device are not the only thing you have to worry about. You also have to worry about how and where your data is stored and whether or not the entity you’re sharing data with can be trusted to both protect it from outside attackers and not do anything inappropriate with your information themselves.