Con Watch: Hidden Dangers in the Internet of Things

With internet-enabled devices, you may be able to talk to your refrigerator, but who else is your fridge talking to?

A collection of digital devices connected to a cloud, signifying the connected nature of many household items

Weekly Newsletter

The best of The Saturday Evening Post in your inbox!

SUPPORT THE POST

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

The Internet of Things is the name for the technology by which a wide range of devices are connected and controlled over the Internet. The list of things that make up the Internet of Things includes cars, refrigerators, coffee makers, televisions, microwave ovens, fitness bands, thermostats, smart watches, webcams, copy machines, medical devices, home security systems and even children’s (and adults’) toys.

According to the research firm Gartner, 8.4 billion devices made up the Internet of Things in 2017 and is expected to increase to more than 20 billion devices by 2020.

While these internet-connected devices can be very convenient and helpful, helping you track your calories or unlock your house remotely, they also can have a much darker side.

In 2017 Italian researcher Giovanni Mellini published his findings that he was able to remotely hack into and take control of a sex toy. While a Bluetooth-enabled toy may open up new vistas for consenting adult, it also opens up frightening new opportunities for hackers.

In 2017 the FBI issued a warning to consumers about the privacy and identity theft dangers posed by internet-connected toys for children. These toys are incredibly sophisticated and can tailor their responses to a child’s behaviors and words. The toys often come equipped with sensors, microphones, cameras, data storage components, speech recognition, and GPS. Some of these toys pose a security threat in the way they gather and store information.

For instance, the doll My Friend Cayla has hidden cameras and microphones that can be used to record private conversations over an insecure Bluetooth connection. She has been banned in Germany since 2017, according to the Bundesnetzagentur, the German telecommunications regulatory agency.

The dangers can be quite serious. In 2011 researcher Jay Radcliffe hacked and disabled an insulin pump connected to the Internet, and in 2015 security researchers Charlie Miller and Chis Valasek famously hacked Jeep Cherokees.

The most prominent danger posed by the Internet of Things is when cybercriminals are able to hack your devices and then move within your home’s computer systems to access your routers, laptops, tablets, phones, and computer hard drives. From there, they can steal personal information such as your credit card numbers, bank account passwords, and other information that can be used to make you a victim of identity theft. They can also enlist your devices to distribute malware anonymously.

How to Protect Yourself

  • Your first line of defense is your router, so it is important to change the default password that your router came with.
  • Next, set up a guest network on your router exclusively for your Internet of Things devices.
  • Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.
  • Make sure that you install the latest security patches as soon as they become available.
  • Use encryption software for the transmission of data and find out where data is stored and what steps are taken to secure the information.
  • Limit the amount of information you provide when setting up the accounts for toys. The less information out there, the less is your risk of identity theft.
  • Use your router’s whitelisting capabilities, which will prevent your device from connecting to malicious networks.
  • Change the default password on each device as soon as you set up the product. Unfortunately, particularly for older devices that are a part of the Internet of Things, security was not built into these devices and they may not even be password enabled.
  • Consider using an Internet hub, which is a device that can control multiple Internet of Things devices through a single mobile app that utilizes dual factor authentication and encryption. The manufacturers of these Internet hubs such as Samsung’s SmartThings also provide regular security updates. Not all Internet of Things devices are hub certified, which is why when buying an Internet of Things device you should look for hub certification as an indication that the manufacturer is security conscious.
  • Refrain from clicking on links or downloading attachments in emails that may contain the malware that enables a hacker to access your computer and then your entire network of Internet enabled devices. Never click on links or download attachments unless you have absolutely confirmed they are legitimate.

The Internet of Things can be a safe (and fun!) place if you merely take the necessary precautions.

Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now

Comments

  1. The information you give on how to protect yourself is extremely valuable and important, of course. Really though, it’s probably best to avoid internet-enabled devices in the first place when you possibly can.

    So many of the items mentioned in the first paragraph do NOT need to be connected to the Internet; gimme a break! You’re just ASKING for trouble despite taking the most cautious precautions. The ‘toys’ for children’ seem particularly insidious and I would never allow them in my home. The description above should give anyone (with half a brain) the creeps!

    It’s tiresome to have so much tech overkill where it’s not necessary or desirable, and hardly any where it IS needed!

    Where is the tech to stop high-speed chases that endanger lives nearly everyday? Where I live (L.A.) they’re that frequent and can go on for hours!

    I’m no scientist, but c’mon! Within a few minutes of one of these pursuits, there’s a helicopter flying over the vehicle with the cops on their trail. Surely at this late date there’s the tech (via drone or laser), to stop/disable the vehicle immediately. This is important tech that can save innocent people from getting killed by one of these idiot criminals, and not be wasting the LAPD’s time and resources.

    Do you think it’s a lack of tech ability to stop these chases Steve, OR more the lack of utilizing it because the local TV stations need the ‘dirty laundry’ for ratings? Please review and advise.

Your email address will not be published. Required fields are marked *