Having everything in your life connected could be great or could be a giant disaster
Personal assistants sound like so much fun, don’t they? At least, if you believe the commercials they do.
“Siri, find me a Japanese restaurant in Riyadh.”
“Alexa, turn down the lights and turn up the music.”
“Google, what’s theweather forecast for her heart?” (Stormy, apparently, if one is married to a popular country musician.)
Chances are pretty high by now that you’ve seen the commercial. Google and Amazon are both being especially aggressive this season in selling various styles of their different personal assistant devices. The commercials do a very good job of showing the positive side of having as much of your life plugged in as possible. Unlocking the door so you don’t have to fumble for keys in the rain. Checking how to say “hello” in an obscure language just before meeting a guest from a foreign country. Reading your grandmother’s cookie recipe to you while you’re hands are covered with flour. There’s even a refrigerator whose contents you can check while at the grocery store. All of that sounds absolutely wonderful, doesn’t it?
Welcome to the Internet of Things, a growing atmosphere where, increasingly, every part of our lives, from what’s in our closet to the temperature setting on a slow cooker, are potentially available for control either by voice command or an app on your phone. Everything is right there, waiting for you to tell it what to do, or perhaps following previous instructions. Welcome to the future. The world looks extremely comfortable from this viewpoint.
Wait, though. Before you introduce Alexa or Cortana or Google to every aspect of your home, you might want to stop and think about the consequences.
Only In The Movies
Well, television, actually. The show is CBS’s political drama, Madame Secretary, wherein actress Tea Leoni plays Secretary of State Elizabeth McCord. One of the subplots this season came with the theft of her son’s laptop. There were threats and some suspicious activity here and there, resulting in increased security for the family.
Their real vulnerability was exposed, however, when a hacker takes over all the “smart” appliances in their home, turning them all off and on at random. The scene was almost comical as the ice maker in the refrigerator kept spitting ice at family members. For the family, however, the event was terrifying. They quickly became aware of the fact that the Internet of Things isn’t quite ready for prime time yet. There are still a number of bugs to be worked out before the system can be trusted with the finer points of our lives.
How close was the episode to reality? Probably closer than most of us would consider comfortable. While the ice throwing might have been a bit of a stretch, the rest of that scene is pretty accurate. There are a number of “smart” devices available on the market now that allow those devices to be controlled remotely, usually through an app on your phone. While the ice throwing part might be a bit of a stretch, the rest is entirely possible. Even “dumb” appliances can be made “smart” by plugging them into a connected outlet. If you have something that runs on electricity, it can, in theory at least, be connected to the Internet.
While that might sound convenient, the problem is that the Internet is not a terribly safe place to store things that are valuable. No matter how secure you might think the cloud is, there is someone out there right now trying to hack it.
Warning from the FBI
The dangers that come with the personal assistants and the Internet of Things are inherent to the beast. Everyone knows about them. The question is how to mitigate those risks down to reasonable levels. Last September, the Federal Bureau of Investigation released a rather lengthy Public Service Announcement addressing some of the more urgent and frequent security concerns. Here’s an excerpt from that statement.
The main IoT risks include:
- An exploitation of the Universal Plug and Play protocol (UPnP) to gain access to many IoT devices. The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication. UPnP is designed to self-configure when attached to an IP address, making it vulnerable to exploitation. Cyber actors can change the configuration, and run commands on the devices, potentially enabling the devices to harvest sensitive information or conduct attacks against homes and businesses, or engage in digital eavesdropping;
- An exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information;
- Compromising the IoT device to cause physical harm;
- Overloading the devices to render the device inoperable;
- Interfering with business transactions.
A couple of things here are worth noting immediately. Anything that is “universal” is universally at risk. That means that the device is open to accepting information from any number of potential sources, making it especially easy for hackers to access the system. Anything with a “default” password is vulnerable even before it’s shipped. Passwords that provide access to multiple objects in your home places your whole family at risk. While security has improved since these guidelines were released, there is still a very high probability that putting one’s home online is putting one’s home at risk.
Even systems you thought were safe can be risky. Remember that huge Target hack that happened last year? The hackers were able to get into the system by using credentials stolen from an HVAC worker. That’s right, Target’s HVAC is online. Not only is it online, when the hack occurred, none of the system’s default passwords had been changed. For hackers to break into the entire system was as easy as possible.
We should also probably mention that anything app controlled can be easily blocked, either by a person or by one’s ISP or by another app. There are myriad ways in which access to your control app could be blocked.
Improvement still requires caution
A lot has improved since the FBI’s warning came out last year. With each new iteration of a product, developers are getting infinitely better at building security into their devices. However, it is going to take a while before all connected services are totally safe.
A 2014 article from digital security provider TrendMicro contains some very valuable advice if you want to make your home both smart and safe.
- Ensure that smart devices are secure – (ex: Username/password)
- Regularly change smart device access credentials
- Check/replace batteries in devices and sensors
- Diagnose and Resolve device operational issues
- Monitor device manufacturer notifications (ex: web sites, feeds, e-mail, devices) for notifications of device operational issues and firmware updates
- Perform firmware updates, as required to ensure continued device security and operation
- Perform device management app updates on smart phones/tablets of family members
- Reconfigure existing devices to grant additional access by other family members
- Identify new household convenience scenarios and configure/test devices accordingly
- Assist other members of the household with smart device related issues
Those are very important consideration to remember before making anything in your home accessible through the Internet.
I was talking with a friend yesterday about this very topic and she raised the fear of losing her entire music collection. I countered that perhaps even worse than losing the collection would be having it corrupted. Imagine saying, “Hey Alexa, play Zeppelin.” and what you get is a familiar-sounding dinosaur singing, “I love you, you love me …” That is exactly the kind of horror to which we make ourselves available.
Not everything about the Internet of Things is bad, mind you. The potential for both convenience and learning are significant (Alexa, what sound does a whale make?). However, if we’re going to put more and more of our lives online, we have to understand the risks and, perhaps most importantly, be willing to accept the consequences.
Think before you connect yourself or someone else this holiday season.