This blog post was written by Bruce Snell.
Have you ever put your kids to bed only to have them creep down the stairs later? We deal with this all the time so I decided to place a motion sensor in front of their door. Any time the sensor is tripped after 8pm a signal is sent to the smart hub in our house, turning on a light at the top of the stairs and pausing whatever we are watching on TV. Yes, it does help us wrangle them back to bed, but it has also convinced our kids that the house is spying on them. They’re seeing the real time impact of their actions on the connected devices around them. While I’d like to say it’s all an effort to teach them about privacy in a connected world, really it’s just so I can watch the latest episode of The Expanse without interruption.
Joking aside, IoT privacy and security are important issues that are thankfully getting a lot of attention recently. A couple of reports have been released recently focusing on different aspects of
IoT privacy. A recent study published by Harvard University pointed out that IoT could dramatically change surveillance (both professional and amateur) and a recent study by Open Effect in Canada pointed out how your fitness tracker could be used to spy on you. Combine that with the Shodan search engine adding a new feature that makes it even easier to peak into the homes of random strangers and you can begin to see how important it is to pay attention to privacy when using internet connected devices.
For my kids, staying in bed after bedtime keeps them from being spotted by our home’s IoT but we can’t solve privacy issues by staying in bed. Don’t worry, there are some things you can do as a consumer to protect your privacy.
- Be aware of what you are sharing: Pay attention to the data and information you are sharing when you buy a new IoT device. Does that new smart doll upload voice recordings of your child? Is your smart refrigerator telling the manufacturer how often you look for snacks after midnight? While sharing some of this information may be used to make your smart device more customized for you, it’s important to know exactly what sort of data you are sharing. Then you can decide for yourself if it’s data you want to share or not.
- Use a password: The easiest way to keep someone you don’t know from accessing your webcam is to enable the password function. If the webcam you purchased doesn’t give you that option, you should return it and look for a product that does. If a company can’t give you that simple option, they are clearly not thinking about your privacy. When you enable passwords, also make sure you change to a complex password. If you leave the default password in place, it just takes a simple search for “default password” and your device name to find the password.
- Update your software (and register!): My new wireless headphones arrived last night and the first thing I had to do was update the firmware. While my oldest thought it was hilarious that I had to update my headphones, updates are extremely important because they usually include bug fixes. It’s these bugs in software that hackers use to take over a device. If you update, you have a better chance of staying protected. This is why registration is also important. If you register your device with the manufacturer, they will typically alert you if there is a new update or a security issue. Take the extra 5 minutes and register your IoT devices.
- Cover up your camera: Just because the light isn’t on, doesn’t mean the camera isn’t working. Hackers have known for years how to turn on a laptop’s camera without alerting the owner. It’s not just laptops you need to think about as many smart TVs come with a built in camera for using video chat apps. To help protect your privacy, you should always cover up the camera on any connected device when you are not using it. A quick search for “webcam cover” can show you plenty of products to cover up your webcam, but a post-it note or some electrical tape can work just as well.
- Don’t orphan your wearables: An interesting point made in the Open Effect study is that when most wearable devices cannot connect to their associated mobile device (“orphaned”), they go into a search mode which broadcasts their information out to anyone who is listening. Most wearables in their study maintained a consistent ID when looking for a connection, it is possible to use that information to routinely track your movements. While the idea of a hacker sitting around looking for orphaned fitness trackers is a bit of a stretch, it wouldn’t be unreasonable for a shopping center to use this information to track shoppers’ habits and movements. While not a direct hack, still a privacy concern.
- Don’t go for the cheapest option: Somewhat related to point #2, an established and reliable company is much more likely to take the privacy of their customers seriously. While there have been a number of high profile data breaches in the past couple of years, major manufacturers are under the pressure of complying with governmental regulations and also maintaining customer confidence and this leads to a much quicker response to security and privacy issues. While that $9.99 webcam may seem like a deal today, it may end up costing you your privacy tomorrow.
We’re living in a time when it’s becoming easier every day to stay connected with friends and loved ones via an increasingly connected world. With this connection comes an increased number of things we have to think about in order to maintain our privacy. While it may seem a bit overwhelming now, as you continue to make security and privacy a part of your daily life, it will become second nature. In the meantime, we’ll be here to help.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.