If you control your garage door, your heating and your fridge from your smartphone, expect that someone else could get control of them, too, cybersecurity expert Scott Wright says.
- Shodan webcam search engine raises privacy concerns for Internet of Things
- Hackers post webcam, security camera, baby monitor video online
- Hackers kill engine of moving Jeep on highway in security demo
The explosion of the so-called Internet of Things — the gadgets we strap to ourselves or install in our homes, offices and cars that are connected and controlled by a network — leaves a data trail for hackers. It can tell them when we're home, what we're saying, and about our health.
And attacks on machines, like the Jeep Cherokee that had its brakes and other controls remotely disabled last summer, also shows that these connected devices can be a back door for hackers.
It's largely happening because manufacturers push technology to what it's capable of, says Wright, president of Security Perspectives Inc., says. But they aren't designing with security in mind, he said.
And most of us aren't buying things with that in mind either.
It may come as a surprise, then, that if you're watching TV, it could be listening to you.
"Smart TVs and appliances are sort of communicating either with each other, just monitoring your activity and deciding what you might want to do next," Wright says. "You can give them commands like the way you do to Siri, but the TV manufacturers haven't really had a lot to think about in terms of security like Apple."
While those conversations could be stored by the manufacturer, Wright says firms will often subcontract the processing or the storage of that data to another company.
"They can mine that data," he said. "They know how many times you watched certain shows or asked for certain things and that kind of information could be used for marketing or other types of commercial use."
Connected devices may also leave people vulnerable to a hacker, because they can act as a gateway to the rest of the network.
Roughly 20 per cent of U.S. households have some of form of remote-controlled smart device, according to a survey released by the National Cyber Security Alliance in November. And 13 per cent have internet connectivity in their cars.
"There was a was a case the other day where someone was able to access the wifi password out of a smart doorbell to get into the network," the alliance's executive director Michael Kaiser says. "There's a cool factor that's for sure and there's the rapid explosion of technology — but people aren't thinking about the security risks."
So-called "benign technology" — like talking toys or baby cameras — have proven especially vulnerable, because manufacturers don't expect a toy or a baby monitor to interest a hacker, Wright says.
But the hacking of Vivid Toy's talking doll, Cayla, last year shows that they can be.
"There are a lot of ways that manufacturers have to start thinking about how their benign devices can, for lack of a better word, be weaponized," Wright says. "You have to … expect that somebody could abuse that device for a number of purposes, either gathering information without your knowledge or using that device as a stepping stone to another part of your network."
How to protect yourself
The executive director of Ryerson University's Privacy and Big Data Institute says that she hopes the media coverage around other hacks will spur the public to learn more about the way in which their data has been used — and the ways in which their devices could make them vulnerable.
If they stop buying products that aren't built with privacy in mind, the market will respond to that, Ann Cavoukian says.
That could be through transparency about where data is stored, how long a company will keep it, and exactly what information gets recorded when a garage door opens or someone unlocks their front door remotely.
"It's a time for companies to accept more responsibility to secure their products," Cavoukian said. "They will also gain a competitive advantage; customers want this and they're going to be asking for it more and more. With enough people feeling that way, it'll impact their sales, and they'll get smart."