How to Secure All That Neat IoT Tech You Just Got for the Holidays (or, Don’t Look Now, But Your Frying Pan is Spying on You)

With the buying frenzy almost behind us, it’s time for kids and adults everywhere to clean up the shiny wrapping paper mess and assess all the spoils. It’s true that gift-giving is good for the soul, but gift-getting is simply more fun.

Chances are that somewhere in your pile of swag, you received some sort of neat internet-connected thingy that has nothing to do with computers or smartphones. Say, for example, your spouse got you a frying pan that comes with a built-in temperature sensor that’s connected to an app to tell you when your beef au jus is ready. Or perhaps the fitness lover in your life got a pair of smart socks (yes, they exist; we aren’t sure why, though) that, for just $199, “deliver superior accuracy in step counting, speed, calories, altitude and distance tracking”, according to their website.

Smart vs Dumb

All these internet-connected devices sure do seem intriguing and futuristic, but some things were better off left dumb. The proliferation of “smart devices”, or the internet of things, has created security concerns in ways and places that we could never have imagined 10 years ago. The internet of things has morphed into what calls the “internet of ridiculously insecure things”. And the issue is this: every time a company creates a “smart” incarnation of a product that was previously “dumb”, that’s just one more way to get hacked. The sum of all those ways in is called the attack surface, and with each network-ready fitness tracker and tea kettle, the attack surface grows a bit larger.

“When you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before”
– Runa Sandvik, Researcher

Essentially, the problem stems from the fact that companies design their products with market demand, not security, in mind. Designs are pushed through to production as soon as possible and those inherently flawed devices wind up in the hands (or feet) of pretty much everybody very soon after. Security measures are typically tacked on at the end as a hasty afterthought.

Here is where IoT gets really disturbing

What is perhaps even more frightening is that this past holiday season left us with three such incidents that involved major security lapses and hacks of products specifically for kids.

Early in 2015, Mattel announced the upcoming release of “Hello Barbie”, the world’s first interactive Barbie. Immediately upon her release in November, eager tinkerers and researchers alike began to dissect the doll’s software and found a gaping vulnerability: under the right circumstances, a hacker can take control of the doll’s companion app and intercept or re-route Wi-Fi connections, steal passwords and record conversations.

Almost immediately after the Barbie-gate excitement, toy giant VTech’s database was hacked and the sensitive information of more than 5.6 million kids was exposed. The data included kids’ photos, email addresses, IP addresses, passwords and more. Right after that, the database of Hello Kitty, the anthropomorphized Japanese cat that appeals internationally to young girls and tweens, was hacked. Exposed in the hack were users’ first and last names and dates of birth.

These true tales of IoT horrors should make you think twice about your internet-connected devices. Are any of them compromising your security?

How to protect your internet-connected umbrella

The point here isn’t to scare you out of your wits or to convince you to trash your network-ready wine bottle opener. The point is that with the burgeoning IoT invasion, you need to be aware of what you can do to keep yourself safe – because product manufacturers aren’t doing it for you. The good news is that in the Internet of ridiculously insecure things, there are some simple things you can do to keep your devices and yourself secure:

- Install all software patches and updates to network-ready devices as soon as they are issued. Some manufacturers let you know about updates if you sign up for them via email.

- Turn off your device’s Bluetooth when it’s not needed, as that is an entry point often exploited by hackers on IoT devices.

- Create strong and unique passwords on all companion apps and accounts and store them in a password manager.

- Change the manufacturer’s default passwords for the device itself. This information is oftentimes available on a company’s website, so it’s super-important to change it asap. If there is no obvious way to change it, email the company and ask them how to do it. If that’s not possible, the FBI recommends making sure that the device providing the wireless connection has a strong, unique password and uses encryption.

- Install a strong anti-malware system like RCS on your computer, which will keep malware from segueing onto any devices you connect to it (and keep your computer safe too).

- It’s worthwhile to check into a company’s security track record before purchasing anything.

The bottom line is that anything that’s connected to the internet can be hacked. You don’t need to shun IoT altogether (anyway at the rate we’re going, it’s going to be hard to avoid it unless you live under a rock, a not internet-connected rock, that is) but you do need to be aware of how to protect yourself and your family so that your umbrellas and skateboards don’t start spying on you. Until security becomes a focal point for manufacturers rather than an afterthought, you are going to have to do the legwork here.

Here’s to staying safe in 2016!
