The IoT and Attack Vectors
This holiday season, you might’ve received or purchased a smart device as a gift. This device might connect to your phone or computer so that it could be used remotely, or it might connect to some other smart device that you own. Such devices are a part of the Internet of Things (IoT), a hot topic in both academia and business. Jacob Morgan of Forbes describes the IoT as both “the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other)” and “a giant network of connected ‘things’ (which also includes people).” Practical examples include the Google Home and Amazon Echo smart speakers, which can connect to compatible devices such as microwaves so that everything can be activated with voice commands.
Note that applications of the IoT extend far beyond those that apply to smart homes. IoT devices have proven to be crucial in helping farmers optimize crop harvesting. According to Andrew Meola of Business Insider, farmers have been “smart farming” since 2016. Examples include the use of sensors that can evaluate soil acidity, access weather forecasts, and be accessed by smartphones for remote monitoring. The IoT helps doctors too; Sean Gallagher of Ars Technica considers hospital medical instruments with embedded operating systems to be a part of the IoT. Overall, the IoT can be a tremendous asset to the workplace.
However, there is a dark side to the convenience of the IoT: an increase in potential attack vectors. Let’s say you have a home computer with a strong firewall and an IoT device with a weak firewall and permission to go through your computer’s firewall. Now, anti-virus software aside, imagine that your IoT device gets compromised. The hacker could exploit the connection between it and your home computer to infect the latter. Now, imagine that you buy dozens of IoT devices—coffee makers, fridges, microwaves, etc.—all connected to your computer and to one another. One weak link could mean that your whole smart house—or even worse, your entire farm or hospital—gets infected. The more IoT devices you have, the greater the potential for weak links.
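The weak-link argument above can be checked mechanically on a list of which device is allowed to talk to which. The following is an added example, not part of the original article: the device names and allowed connections are constructed, and it reports which devices would give an attacker a path to the home computer if compromised, before and after the one direct permission through the computer's firewall is revoked.

```python
from collections import deque

# Constructed sample home network (an assumption, not from the article).
# Each key may open connections to the devices in its set, i.e. the
# firewall in front of the target lets that traffic through.
ALLOWED = {
    "smart_tv": {"router", "home_computer"},
    "coffee_maker": {"fridge"},
    "fridge": {"microwave", "smart_tv"},
    "microwave": {"coffee_maker"},
    "router": set(),
    "home_computer": set(),
}

def blast_radius(allowed, start):
    """Return every device reachable from `start` by following allowed links."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in allowed.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def entry_points(allowed, asset):
    """Devices whose compromise gives a direct or indirect path to `asset`."""
    return sorted(d for d in allowed
                  if d != asset and asset in blast_radius(allowed, d))

def revoke(allowed, src, dst):
    """Return a copy of the policy with the src -> dst permission removed."""
    fixed = {device: set(peers) for device, peers in allowed.items()}
    fixed[src].discard(dst)
    return fixed

if __name__ == "__main__":
    # The coffee maker has no direct permission to the computer, yet it is
    # still an entry point because it can reach the TV through the fridge.
    print("paths to computer:", entry_points(ALLOWED, "home_computer"))
    hardened = revoke(ALLOWED, "smart_tv", "home_computer")
    print("after revoking TV -> computer:",
          entry_points(hardened, "home_computer"))
```

Only one device was ever granted access to the computer, but every device that can reach it inherits that access, which is why each added device widens the set of weak links.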
In November, Beth Steele of the FBI gave an example of a potential IoT attack vector: smart TVs, which make for tantalizing holiday gifts. Steele notes that a “bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router,” as well as spy on you through your TV’s microphone and/or camera. Steele provides the following security advice: understand which features your TV has, such as any microphone and camera capabilities; don’t rely on the default security settings, and change default passwords; learn how to shut off the camera and/or microphone, and worst case, cover the former with black tape if necessary; and finally, check the privacy policies of your TV and streaming services. As we begin a new year, you should make sure that every smart device gift is secure. It is better to make sure you’re secure now than to suffer later.