By Mark Cox
Decades ago, George Orwell’s dystopian novel “1984” imagined a bleak future where people would live under intrusive surveillance from an oppressive state. Well, he was half right.
What happened is that we happily bought all the electronic monitoring equipment ourselves. And rather than a totalitarian regime, those snooping on us are creepy individuals and profit-hungry corporations. Truth, it seems, really is stranger than fiction.
America is caught up in a “smart” revolution. Billions of internet-connected devices, collectively known as the Internet of Things (IoT) – all those video cameras, speakers, doorbells, kitchen appliances and toys – have become increasingly entwined into the fabric of our everyday lives.
Be smarter than your device
Follow Professor Beaty's useful tips on how to protect your privacy.
Use long passwords.
All those jaded old password tricks – using a “3” for “e,” for example – are of no use. This advice may not be popular, but it’s the length of a password that makes the difference. And seriously, I mean around 20 characters. (It’s not so bad – just pick a phrase from your favorite song or poem.)
Use a password safe.
You might use numerous passwords, but you need to remember only two of them – one for your computer and another for your password safe, which can hold hundreds of secure and encrypted passwords.
Always change the default settings.
When buying an IoT device, always change the factory settings immediately or you’ll be leaving an open door for hackers. (On Christmas morning, you’ll probably just want to plug in and use your new gift – but as we buy more connected devices, we all need to put in extra effort to keep them safe.)
Two-factor authentication is good…
This is highly recommended, particularly for your most sensitive accounts. Two-factor authentication is not completely hacker-proof (nothing really is), but it’s exponentially more secure than most other options.
…and biometric authentication is better.
Another winner. Using a person’s unique biological characteristics (facial recognition, for example) to verify their identity is very effective and really hard to imitate. My phone and computer recognize my fingerprint, and it feels pretty safe.
Be aware of cameras.
Most people know that computers have a camera. But many smart TVs include the Skype app, which means there’s also a camera inside your TV capable of watching you while you’re watching it. The answer: Cover any camera eyes on your devices with a simple piece of black tape.
Disable universal plug-and-play.
Computer gamers generally do not disable the universal plug-and-play function on their routers since they need to share access to their home network with other players. However, this also means gamers are, by definition, very vulnerable to hacking. Everyone else: Disable that function.
You’re only as strong as your weakest link.
A couple of years ago, hackers stole 10 gigabytes of valuable data from a U.S. casino by breaking in via a smart-enabled salinity monitor in the venue’s showpiece fish tank. In the same way, hackers can potentially access all your banking and personal details via your refrigerator.
But revolutions are rarely painless, and the rising popularity of such devices has been accompanied by increasing privacy concerns. At a certain point, connected convenience can spill over into personal intrusion.
There are 26 billion IoT devices worldwide. Every second, 127 new devices connect to the internet. And the U.S. is the global leader for IoT spending, coughing up $194 billion this year alone. Holiday stockings in the U.S. were stuffed with IoT devices of all kinds. Which is great, except for one thing.
“Most of this stuff is immensely hackable,” says Steve Beaty, professor of Mathematical and Computer Sciences at Metropolitan State University of Denver, “and people need to start considering that. For example, if you can peek around your home remotely using a smartphone, there’ll always be a possibility that someone else can too.”
He’s not exaggerating. Just this month, multiple Ring camera systems across four states were hacked with disturbing results. One sleeping woman was ordered to “Wake the **** up” by a disembodied voice, while another hacker taunted a terrified 8-year-old girl and left her scared of her own bedroom. And it’s not just random individuals snooping around. Major corporations have repeatedly been caught listening in to their customers’ private conversations via smart speakers.
The list of security failures in internet-connected devices is surprisingly extensive. During a recent study on hacking vulnerability, for example, researchers from the University of Texas at Dallas found they could spy indiscriminately on households, hijack drones, control the automated voices in children’s stuffed toys and even override the settings on women’s erotic devices. It was all too easy.
So why are these devices so insecure? “Because manufacturers are driven by different priorities to the consumer,” Beaty explains. “They want products that are ready to use so they won’t have to deal with the headache of customer-support calls.” But that means simple default settings that aren’t secure – or sometimes no security settings at all.
In many ways, the world we live in today was inconceivable even 15 years ago. Imagine being told in 2004 that by now you’d be able to slouch on the sofa and tell a tiny speaker to switch TV channels, dim the lights and turn on the cooker.
But while “smart” homes are very much in vogue, experts say that from a security standpoint they are a disaster. The effect is analogous to living in a house with lots of partially open windows, with hundreds of intruders trying to break in.
“There are a lot of creeps out there, and they are industrious, savvy and unpredictable,” Beaty warns. “Every unsecured device is basically an invitation for them.” Perhaps worse, he points out, several major websites provide access to millions of unsecured devices and webcams. That means users can spy on people (including children) in their homes – eating dinner, getting undressed, sleeping – without their knowledge.
One big reason for the numerous IoT security shortfalls is a lack of updates. Think of how often you’re prompted to update the security settings on your smartphone. Now contrast that with IoT devices that, unless they include an auto-update function, basically start growing obsolete the moment they’re taken out the box.
“The single most important priority with connected devices is to ensure that the security settings are up to date,” Beaty says. But realistically, who ever spent a Sunday afternoon updating the security profile of their smart toaster or sprinkler system? The truth, Beaty says, is that IoT devices are tricky to maintain and easy to overlook, so we often just don’t bother. And that’s a big problem.
But not that you’d know it. Neither corporations nor consumers seem overly concerned about the number of unsafe smart devices, probably because nothing too bad has happened – yet. But ultimately, at a personal and industrial level, according to Beaty, we will all need to take this issue seriously. Because one day, the mass-hacking bug will finally bite. And it will bite hard.
©Copyright 2019 by Metropolitan State University of Denver. All rights reserved.
MSU Denver Office of Marketing and Communications