IoT (Internet of Things) products — products connected to the Internet — have resulted in a great deal of vulnerable consumers. Because manufacturers and consumers have paid little or no attention to security, these devices threaten to wreak havoc.
When purchasing new products, buyers should ask themselves a very simple question: does it really need to be connected to the Internet? Refrigerators, ovens, toasters — and yes, even toilets — do not belong on the Internet. The lack of security on these devices leaves consumers open to attack.
What can happen? We could crash the Internet (https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/). Someone managed to exploit a lot of IoT devices, and it won’t be the last time.
In a culture where most consumers get excited about new features and businesses deliver these features with little heed paid to security, our IoT security situation is not particularly surprising. But consumers need to beware. Connecting devices like refrigerators, baby monitors and home automation systems to the Internet is a risky proposition.
Besides crashing the Internet, consumers open themselves up to a whole range of disasters. That IoT refrigerator could be used as a botnet, leaving the owner potentially liable for damages. A consumer connecting a toilet to the Internet could end up with an increased water bill (or an interesting scare). That convenient home security system connected to a smart phone could accommodate a perfectly timed theft. Worse yet, a predator could determine when a home owner is alone. Any of these devices could allow an attacker access to the home network, opening up the possibility of hacked computer systems and identity theft.
Does that sound scary? Well, it is. But this post is not about fearmongering. The main point is to encourage people to use their brains when considering shiny new products. Everything has benefits and detriments.
We must weigh the benefit against the risk.
In terms of IoT devices, the risk is quite high. While it is convenient to monitor our babies from anywhere, we can’t forget to ask who else is watching our babies. If we can turn on our lights, unlock our doors and adjust our thermostats from across the country, who else can?
These are important questions manufacturers have not addressed. No security standards are being enforced on IoT devices, leaving consumers with no idea how vulnerable they are. Security is tricky enough with our computers, tablets and phones always connected to the Internet, but at least with those devices, security is an important topic. Manufacturers of IoT devices still have no incentive to secure their devices. And that won’t happen until consumers show with their purchasing choices that they care about security. Hopefully, the list of victims won’t grow too long before they do.
Bottom line. If you’re in the market for a new, non-computer device, do yourself a favor and buy one with no IoT features. If the device you want has Internet connectivity, make sure you can turn it off before you buy it.