By Garry Scobie, Deputy Chief Information Security Officer at the University of Edinburgh.
Ever since we developed the ability to create tools and devices, inventions have been used either for good or for bad. Take the internet, probably the most significant invention of the twentieth century, connecting communities in ways previously unimaginable - but there is a dark side.
In 1949 George Orwell published the book '1984'. It dealt with the theme of government surveillance, social control, Big Brother is watching you. But Orwell didn’t predict the development of wi-fi connected devices. He didn’t foresee society in 2022 voluntarily miking up their front rooms to a global computer network and recording every aspect of their lives for strangers and criminals to pick over at their leisure.
The Internet of Things
The idea that every consumer product can contain a microchip and be connected to the internet, allowing companies to push their adverts and products directly into your homes in a just-in-time scenario, so you have the consumable when you need it, is a marketing nirvana - for those with something to sell. For example, if you are running out of milk, your fridge could order it up. Your washing machine could place an order for powder. This technology exists. It’s tried and tested. Toilets, and even toothbrushes are next.
It is arguable we are entering the Digital Dark Age. A Dark Age that contains a marketplace, a marketplace in which you are the product. It is you that is up for sale. Manufacturers with products to sell know this, and Cybercriminals know this too.
A recent survey estimates that by 2024 there will be 22 billion devices in operation on the Internet. But the rush to be first to market has meant such products can be insecure. Security costs money and no one wants to pay for that. Shared code and a lack of testing has meant that cyber criminals, looking for an angle, treat these wi-fi devices as a new revenue stream.
The Covid-19 pandemic has made us more digitally connected than ever. This in turn has fuelled a rise in cybercrime. Social engineering or hacking humans. Cyber criminals are looking for ways inside your home. You are the product, but you are also the mark.
Many of us will install devices and applications and accept the terms and conditions which recent reports have highlighted can be longer in length than the Harry Potter novels. They take hours to read and a law degree to understand.
Are those devices listening to everything you say? Are your movements around your house being recorded and stored? Are you being watched in your home to the same extent as you are in your local supermarket? What profile is being created on you by algorithms based on the data being fed from your internet devices? In the battle against cybercrime, the trenches have moved inside your home.
Manufacturers with their glossy adverts peopled with impossibly good-looking actors, convince you of your need to have these devices. Cyber criminals buy these products too, and take them apart, find out how they work, discover what shortcuts were taken on the route to market. They wait for you to purchase and install, and then set to work to exploit the vulnerabilities they have discovered. The more devices you have, the more doors there are potentially for cyber criminals to open.
Keep it secure
It’s not all bad. The internet and such devices can be a boon to all sorts of people. The possibilities for internet-connected smart-homes are fantastic. They can assist with allowing people to lead independent lives where before, that may have not been possible. They can alert to people having accidents and contact the authorities. Robots can remind people to take their medicines at the required time, even administer the correct dose. Technology provides many worthwhile practical applications to improving people’s lives. But this level of surveillance will come at a price.
Mobile phones can be hacked. Children’s toys can be hacked. Doorbell cameras, heating systems, kettles, fridges, automatic pet feeders can all potentially be hacked. Even a fish tank in a Las Vegas casino came under attack.
So what can you do? Not buying and non-participation in this brave new world is an impossible option. There is no turning back. Many devices cannot be updated and security fixed. Vulnerabilities can be discovered after purchase but are left open for criminals to exploit. Do you simply replace every time there is a security issue?
First of all, don’t buy the cheapest you can find - there is a reason why it’s cheap. Look for well-known trusted brands. Change the default password to something long, do not re-use passwords, and deploy multi-factor authentication. Check to see if the device can be updated. Can it be maintained? What happens if it becomes vulnerable? Ask what data is being collected, where is it being stored and for what purpose? Is the data being sold elsewhere? Check online to see what others are saying. Do your homework.
Security needs to be in the forefront of everyone’s mind. We cannot simply think it is someone else’s problem to fix.