Apple’s launch of the new iPhone 7 and iPhone 7 Plus was met with early enthusiasm, despite the controversy surrounding Apple’s removal of the 3.5 mm headphone jack and a glitch with the wired Lightning EarPods included with the phone. Apple also released a new wireless headphones called Apple AirPods, which are “automatically on and always connected” to “all your Apple devices” and is designed to eliminate the frustration that comes with traditional Bluetooth pairing. Apple marketing chief Phil Schiller made clear Apple’s “vision of how audio should work on mobile devices”—“wireless.” Recognizing that some customers are not yet ready to make the switch to wireless, Schiller also announced that each new iPhone 7 and iPhone 7 Plus also comes with a Lightning to 3.5 mm headphone jack adapter. Apple’s decision demonstrates that, as Jony Ive said in the AirPods introductory video, “we are just at the beginning of a truly wireless future.”

The Apple launch is only one example of the interest in smart technology trends taking place right now. Some predict that the Internet of Things (IoT) is on the verge of transforming the digital marketplace, and is set to dominate the way we live and work. The IoT is a massive network of devices that have sensing or actuation capabilities, and are connected to each other via the Internet. The IoT includes everything from wearable fitness bands, smartphones, headphones, smart home appliances, smart tennis rackets, smart yoga mats, medical devices, and automobiles to almost anything else you can think of. When it comes to wireless communication, concerns that security vulnerabilities and IT misunderstanding of the connected system threaten to halt and even turn this digital revolution against us.

The analyst firm Gartner says that by 2020 there will be over 26 billion connected devices, although some estimate this number to be much higher, over 50 billion. Some vendors and new startups are scrambling to become part of the IoT movement, and with ABI Research forecasting 360 million smart home device shipments by 2020, smart home cybersecurity presents new security challenges. Inadequate security can provide a wide open door for malicious threat actors to exploit smart home products.

“We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices,” says Dimitrios Pavlakis, Industry Analyst at ABI Research. “The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.” Unfortunately, that means many of these products can probably be hacked.

Hackers could hold your fridge or thermostat hostage, or imagine discovering that a criminal could spy on you in your home through a computer webcam by hacking your solar panels.

This point was made clear last month after Independent Security Evaluators (ISE) shared exclusive results of its IoT hacking competition held in early August. ISE hosted the IoT Village at the world’s largest hacker conference with the goal of bringing together experts to learn, network, and find security vulnerabilities in connected devices so they could be fixed.  The IoT Village was created in 2015 to give hackers, security researchers, and hobbyists alike a platform through which they could find problems and get them corrected.

“The average person who is not in technology has probably never even thought of how something is hacked, but now when they realize the lock on the door of their house … or the baby monitor that they use, there’s research saying that someone can hack into the baby monitor,” Ted Harrington, Executive Partner at ISE, told Business Insider. “That becomes much more real now for the average person.”

Business Insider reports that in 2015, the hackers in the village uncovered 66 different “zero-day” vulnerabilities—previously unknown and unfixed security issues—across 28 different device types from 18 manufacturers. This year, they found 47 exploits in 23 devices from 21 different manufacturers.

“This year what we were interested in understanding was, had anything significantly changed?” Harrington said. As it turns out, he said, “bad security practices are still the norm in IoT.”

But hackers may not even pose the greatest threat to privacy for most consumers. When household appliances come with computer chips to make them smarter, consumers and privacy watchdogs should be aware the data collected by these objects and how it is used. “A fridge is no longer only a fridge, it’s now also a sensor collecting private information,” said Marco Preuss, a director at security-software maker Kaspersky Lab. “Vendors need to say what data they collected, where it’s stored and who’s using it, and regulators need to work on standards and requirements to make companies more transparent about this. It’s the only way to bring consumer trust back.”

A fridge that sends statistics and pictures of food inside to your phone, automatically orders more of your favorite beverage when your stock gets low, or even better, delivers chilled beverages via remote control sounds awesome. But manufacturers could learn a lot about consumers from the data that transits through such objects, and third parties would be very interested in getting access. Wireless might be “the future,” but many questions remain unanswered today. “Vendors need to think about the privacy of such information. Not everything connected and gathering data is allowed to share it.” Preuss said. “Do you really want your health insurance provider to know if your fridge has only beer and chocolate in it?”

–Chad Christian

One Response to The Internet of Things: Cyber Dangers in a Wireless World

  1. pbauleke says:

    Really interesting and insightful blog. Also, poses some questions. Who should be most responsible for protecting these systems from cyber attacks? If this something that should be left to private companies in the same way they provide security for computers? Should the companies be required by regulations to have at least a threshold level of security? It is amazing to think of what our technology will be capable of. But if cyber security, in whatever form, does not keep pace with the growth of technology, the benefits may be overshadowed by the privacy intrusions.