“Walls have ears.” Dionysius, Greek tyrant of Syracuse.
Dionysius reportedly constructed a cave in the shape of an ear so that he could hear what people were saying in other part of his palace. These days, an ear-shaped cave it not required. IoT devices of all kinds keep tabs on you 24 hours a day. Sometimes without your knowledge or consent. But what is the Internet of Things (IoT)?
The IoT is an extraordinarily large collection of physical devices containing small computers, software, and sensors, all connected to the Internet. What they are and what they do varies immensely. Examples include:
- Wearables — smart watches, fitness trackers, health monitors
- Smart home devices — security systems, home lighting systems, thermostats
- Smart audio-visual equipment — home entertainment systems, smart screens and speakers
- Home appliances — ovens, refrigerators, coffee makers, vacuum cleaners
- Voice activated personal assistants — Amazon Alexa, Google Home
The list goes on and on. IoT now even includes your car!
IoT devices do offer benefits. Many appreciate the convenience and control they provide such as the ability to remotely manage home heating, cooling and lighting. Or the sense of safety and security they provide. Who is at the front door? Did I leave the stove on when I left the house? Let me check. Health monitoring, particularly for those with chronic disease, can be especially valuable.
However, IoT devices also come with risks to your privacy and security. These risks vary widely depending on the product and the marketplace. Examples include:
- Companies that market IoT devices seldom prioritize privacy and security. They invest in features, time to market, and reducing cost. Basic security practices are not followed and security features are absent or poorly implemented. As such, these devices are often ripe for exploitation and misuse.
- Privacy policies may be ambiguous, opaque and incomplete. There is little opportunity to make decisions about how your personal data is collected, stored, used and disseminated.
- Products are rapidly overtaken by the market and fall out of support by the manufacturer. Updates to software and firmware are not available. Security vulnerabilities are not patched.
- Products sometimes simply violate their own terms of use. There are known instances when products recorded conversations when such recording was explicitly disabled by the user.
So if you choose to use IoT devices, what steps might you take to reduce your exposure to these risks?
- First and foremost, do your homework. Research products, their terms of use, privacy practices and maintenance support commitments. Prefer well-established, reputable companies which have a history of responsible customer support and whose brand is at risk if they fail to meet their commitments.
- Take the time to understand what options are available to you to secure the product and make decisions on how your personal information is collected and used. Configure the products to conform to your preferences.
- Apply software and firmware updates as they become available.
- Monitor the network usage of the device through your home router, or firewall if you have one. If you observe outgoing traffic you don’t expect or understand, investigate it.
I admit that this discussion feels a little negative, perhaps even grim. At the moment, however, privacy and security of IoT devices is “the wild west.” I would view it as such.
I encourage you to take action to become better informed and understand what information you’re sharing when you use IoT devices, and what are the potential risks. Make a conscious decision what IoT devices to use and how to use them. Don’t leave the decision to others. It’s unlikely they have your best interests in mind.
In the next post, we’ll review private text messaging.
Information provided in this post is subject to the disclaimer in the first post of this series.