No Safety Nets in the Real World

We are in the midst of a “smart revolution” — more than 20 billion smart devices are now spread across the world, collectively forming the Internet of Things (IoT). In five years, the global IoT will expand to more than 75 billion devices, outnumbering the world population by ten-to-one. But it’s not just devices. The volume and variety of data generated by devices is growing at an even faster rate; by 2025, the IoT will generate 80 zettabytes (one trillion gigabytes) of data per year.

In this smart revolution, everything from speakers to formerly inanimate household objects are being fitted with WiFi modules and sensors. The result? We can now automate away mundane parts of our daily lives and interact with our devices via voice commands and even facial gestures. Want your coffee machine to brew a fresh latté the moment you wake up? The IoT can do it. Want your refrigerator to stock itself when it’s empty? The IoT can do it. Want to shut your blinds, dim the lights, and adjust your thermostat without leaving your couch? The IoT can do it.

Convenience is great, but it’s not all fun and games in this new smart revolution. There is a dark side that is putting our fundamental right to privacy at serious risk. Cyber criminals are always looking for new targets — as the richness and sensitivity of data from the real world greatly outweighs its digital counterparts, smart homes are the new Holy Grail for hackers.

Deciphering who we are from our digital activities is far more benign than spying into our homes through our devices. Throughout 2019, major hacks of smart cameras from Amazon, Google, and more illuminated just how vulnerable we are. Whether it is creepy, like hackers talking to young children via Ring cameras, or dangerous, like remotely unlocking our front doors, we must remember: The IoT can do it.

A recent PEW Research study indicated 81% of US Internet users believe their online data is vulnerable to hackers. However, only 22% of this population feel security measures to protect their data are insufficient. These results are telling — when it comes to our digital data we are conscious of its constant exposure to hackers, but accept it as the status quo.

Perhaps the magnitude, frequency, and randomness of data breaches have left us all jaded. Many victims of the infamous Equifax hack in 2017 that affected 147 million people were oblivious to Equifax even having their private data, which was obtained indirectly through data sharing agreements with banks and other third parties. But perhaps the biggest driver of society’s complacency with hacks and breaches is the presence of “digital safety nets”. Knowing that our private data is floating around the dark web due to corporate negligence is concerning, but we may take comfort in knowing the impacts can be minimized. In Equifax’s case, the company offered free 24/7 monitoring services to victims — a small price to pay for leaking half of the nation’s social security numbers.

Ironically, the same companies that put our digital data at risk are also the ones that protect us from the repercussions. But things are different in the real world. A data leak is not just your Spotify history, it is security camera footage revealing when you leave your house every morning. A password breach is not just the credentials to access your email, it’s the credentials to enter your home. A hack is not just hijacking your social media account, it is attacking your connected vehicle as it zooms down the highway.

The steady growth of the Internet of Things represents an ever-expanding attack surface for malicious actors. Research from SAM Network found that smart security cameras account for over 47% of IoT devices compromised in 2019. Smart hubs and network attached storage (NAS), which commonly link to other IoT devices, are the next most vulnerable devices, accounting for 15% and 12% of the compromised devices, respectively. Other commonly targeted smart devices include speakers, TVs, and printers.

The interconnectedness of the today’s smart homes is a critical consideration. In a fully connected home, it’s hard to do anything without leaving some kind of digital trace. Often, these breadcrumbs of chatter between devices, hubs, and routers provide a live blueprint for hackers to navigate from one vulnerable device to others. In the security world, a foundational principle “a system is only as strong as its weakest link”. You may think nobody is interested in hacking your smart TV, but once it is connected to a smart hub storing your data and credentials, it can quickly become a prime target for malicious actors.

Learn more: Website | Twitter | Telegram | Medium | Reddit