In this period of social distancing, our “smart” connected IoT devices are helping us in ways we never imagined. For example, voice assistants now help people navigate guidelines from vetted sources to assess COVID risk and symptoms, and telehealth apps and triage chatbots are further guiding evaluations.
In a growing effort to keep surfaces clean and hands-free, there has been a boon to smart home voice control of things we now look at as “surfaces”: TV remotes, light switches, thermostats, door locks, security cameras, TVs, DVRs, A/C/heating units, and refrigerators. This has created a complex web of connectivity among IoT devices labeled “smart” despite their security and privacy vulnerabilities.
We should heed FBI warnings and articles about drive-by hacking of “things,” and think about the data entry points we create— not only for hackers, but manufacturers, app developers and anyone who might want to eavesdrop and violate the sanctuary of our homes during these times of crisis. The issue extends to healthcare and other industries implementing the IoT for efficiencies. For example, healthcare devices have been found to be more vulnerable now than ever.
Gartner estimates there will be about 25 billion connected things by 2021. As IoT “things” get coopted into botnets, bad actors can prey on embedded electronics, opening paths of entry for connected-appliance cyberattacks. They infiltrate “simple” devices without detection and gain access to the more important smart phones and computer networks they know connect to more coveted networks and devices.
During our time of socially distanced work and personal life, it’s important that we all get “back to basics,” slowing down to ask the logical questions about security, such as:
• What problem does adding an IP address ‘here’ possibly open up?
• What malware and other vulnerabilities may my smart devices introduce to shared networks?
• As IoT is introduced to services, applications or products, what security fixes can go in at the same rate?
Smart capabilities don’t have to lead to not-so-smart decisions at home as our personal and professional lives intersect. We just need to check that the things we use are designed to do what they are supposed to, plus incorporate the security we as customers and end users deserve. There’s no such thing as a “benign” environment, so we must all think every step of the way about how what we are using or doing opens the door to criminals that want to infiltrate, compromise and break things.
While IT can design things with these criminals in mind, it’s also up to all of us to remember that the answer to technology-induced risk is not always “more technology,” but rather the basics of knowing the risks and vulnerabilities we potentially introduce when connecting in the IoT-driven world. Our basic responsibilities aren’t so basic anymore.