The Internet of Things Means More Things to Hack
High-tech, Wi-Fi-connected trash cans are placed around London to monitor commuters. Lefteris Pitarakis/AP
It's great that more everyday items have online capabilities, but it's also a whole new world of cyber vulnerability.
People often ask me if I “stay off the grid” by refusing to participate in online shopping and banking and express surprise when I tell them I don't bother. "Doesn’t it scare you?" they ask. "Aren’t you worried your information will be compromised?”
Yes and yes, but staying away from the Internet isn't much of an option. Plus, as the recent retail store credit card debacles have demonstrated, bad things can happen to shoppers no matter if they are online or physically in a store.
What scares me more than someone stealing my information as I shop on Zulily or Amazon is how quiet the drumbeat has been on securing the broader Internet of things.
In the past month we learned that hackers broke into the Target financial systems via an HVAC system. While the complete details are unknown, it is believed that a phishing attack using malware at an HVAC subcontractor allowed hackers to gain network credentials to reach Target’s financial systems.
As more of the items we use every day get online capabilities, our lives and the Internet of things are increasingly interconnected. From my desk, I can control the temperature of my house, look at my wrist and determine that I need to get up and walk, check my fitness app to see that my cousin in Texas is now ahead of me in total steps for the week, and open and close the windows of my networked car. From my phone, I can control my TV, my front door, my security system and the baby monitor.
Yet despite the connectivity we are not seeing a massive amount of discussion about the Internet of things and cybersecurity. Yes, there are a handful experts speaking about it – my friend and former colleague Jeff Greene at Symantec is one of them and does an amazing job of explaining the issue. The few, like Jeff, who are speaking up, however, are not enough to push for the security of Internet of things to be mainstream and the norm and not an afterthought or aftermarket add-on.
The concerns with Internet-of-things security are two-fold. The first is the ability to hack in and control aspects of our lives – open my front door, turn the heat up at my house or disable my security system. The second is the vulnerability and theft of the data collected as part of the Internet of things movement to make our lives easier and more interesting. Forget pictures of your kids, what cat video you shared with your friends and where you’ve ‘checked in’ – Internet-of-things data includes information on a user’s location, your activity level, your BMI/weight, how fast your run, when you arrive and leave home and countless other pieces of tidbits.
If you are concerned about Target's HVAC weakness, imagine a scenario where every personal aspect of your life is only as secure as the mobile devices of the friends you share with.
There is no question that the Internet of things is the future, and for those of us enamored by tech – that is awesome. We can only help the culture of security becomes a critical and common element in the Internet of things world.
Get the Nextgov iPhone app to keep up with government technology news.