Every day, companies with billions in their R&D budgets and nascent entrepreneurs tinkering in their garages are connecting ordinary objects to the Internet of Things (IoT) — and creating along the way rafts of new smart functions that spawn from the connectivity.
As wondrous as these new functions and services may be, they also open up huge security issues to which there isn’t really a response.
With every TV and watch added to the burgeoning IoT, we also grow a little more open to hacks from a long and expanding list of vulnerabilities. In a (mostly hypothetical) completely disconnected home, the only ways in are your doors and windows. In a completely connected home, where everything from the lights in the ceiling to the watch on your arm are linked to a global network of intertwining connections, everything is another doorway that could be broken through.
IoT security isn’t a new problem. Every year, at cybersecurity conferences, researches stress the need for more sophisticated tools to protect devices, visibility and logging features, and more efficient ways to spot and investigate malicious activity. And it’s not like the industry is oblivious to the security problem, each year, vendors make efforts to add security procedures to the devices, and patch the vulnerabilities highlighted in preceding iterations.
In a connected world, though, it’s hard to close all the gaps: as the connections between things becomes more numerous, entangled, and complex, it’s also harder to tell where all the weak spots are. Additionally, billions of older-generation devices, with all vulnerabilities intact, are already embedded within the ecosystem.
Consider that in December 2019, reports surfaced about a man in Alabama who is suing the Amazon-owned home security company Ring, claiming that the connected camera was hacked and used to harass his kids. Allegedly, while his kids were playing basketball, a voice came on through the camera and started commenting on their play.
Even if you’re careful, though, merely by being connected inevitably opens up weaknesses. Just this week, festivities at the global gathering of the mega-powerful at Davos was disturbed by the revelation that the phone Jeff Bezos, Amazon CEO, was hacked when he opened a WhatsApp link sent to him by Saudi Crown Prince Mohammed bin Salman.
In the subsequent reporting, questions circled around a critical theme: if the wealthiest person on earth could be hacked — what chance do we, the comparatively ordinary, have against the malice of the digitally malevolent?
To add to the concerns, critical infrastructure like water and energy grids have also become a part the IoT over the last decade — meaning that the damage that hackers could bring also began crossing from largely digital havoc to physical manifestations. Consider the malware installed by the NSA to disable Iranian nuclear plants in 2009; or when in 2017, Russian hackers initiated blackouts in Ukraine, possibly as a trial run to targets like the US.
One takeaway from all of this is the need for cybersecurity solutions and security standards for the IoT, which require cooperation from public and private actors alike. This would make it harder for hackers to get into home security systems and fiddle with your lights. On a national level, it is undoubtedly a new plane of warfare (imagine if connected cars were told to accelerate en masse). But, as the Bezos incident reveals, even if you could afford the best and more secure cyberprotection, a misclicked link could very easily pry open your digital safeguards. So that leads to the second conclusion, that a connected world is inherently less secure — and that, at the end of the day, perhaps the best protection we have is our own shaky judgement.