We all know we should be careful transacting online, but are you thinking about cyber-security when you’re watching TV or driving your car?
If you’re like me, those flashy new products at last week’s CES show probably got you dreaming about upgrading some of your old-school gadgets. The trend today is moving away from stand-alone devices to futuristic “connected” devices, those that can talk to the cloud or even interact with your other systems and appliances.
From game consoles, iPads, smartphones, Blu-ray players and yes, even our cars, internet-enabled devices are growing exponentially, which increases the chance for cyber intrusions. Yet most consumers and businesses don’t realize that these devices can be used as a backdoor into the network — or your home.
Make sure you are dressed when you watch TV
Just last month, a security research firm discovered a flaw in Samsung’s Smart TV that could allow a hacker to listen in on family conversations and even see everything within the periphery of the TV’s camera and microphone. As household appliances and devices become internet-enabled, consumers will have to ensure proper security measures have been taken.
And since internet-enabled appliances is a nascent market, don’t assume vendors have figured out security or, for that matter, even considered good privacy policies. Samsung has not published a privacy policy for its Smart TV, even though it too can gather data such as your viewing habits, online passwords or other personal information.
High-tech car jacks
Along the same lines as smart TVs, researchers and software security firms anticipate that embedded computer systems in automobiles will increasingly be targeted by malicious hackers. Their systems will increasingly mirror the functionality of PCs and servers and will require the same security considerations. In the UK, there have been a rash of stolen high-end vehicles, where thieves have commandeered the on-board diagnostic systems to gain entry and control of the cars.
More mobile vulnerabilities
Even internet and wireless heavyweights can inadvertently put their users in harm’s way. Nokia offers its mobile users the Xpress browser that compresses data and in turn saves money for the subscriber. Unfortunately, an exposed security flaw shows that the technology decrypts secure HTTPS data being transmitted via the Nokia servers, which implies that anything transmitted over the connection, including emails and other personal data, can be be viewed in plain text.
Nokia has assured users that they will not access personal information, and there is no reason to assume otherwise in the context of ordinary course of business. But I for one would want to know when a company has the ability to view my personal information and what they plan to do with it.
Ricer cookers, refrigerators, light-bulbs
And speaking of smartphones, this year’s CES showed a slew of smart devices that can either be controlled directly from your handset or boasting full Android integration. Think rice cookers and refrigerators with Android baked in, allowing users to not only be notified, but to also direct tasks on other appliances right from their handset.
Admittedly, these latest upgrades have been met with more eye-rolling than awe. We’ve been hearing about connected homes for a decade, but the advances have so far been slow to come. That appears to be changing very, very quickly. But should you really be worried that hackers will use your toaster to somehow drain your bank account?
Right now, the ability for hackers to gain access to your network or personal data via an internet-enabled device is theoretical. But history has shown that malicious programmers will figure out clever ways to exert control over devices remotely in ways no one planned against. Maybe not so concerning when it’s a light-bulb, but what about your heating or even security systems?
Advice for future gadget purchases
The next time you purchase a new internet-enabled device, take a moment to ask a couple quick questions so that you understand the recommended security procedures, such as:
1) Is the device password protected?
2) Is the data that is transmitted and stored encrypted?
3) Does the device sit behind a firewall?
Affirmative answers to these questions can go a long way to protecting internet-enabled devices from the most common threats, which include unauthorized access to the device, compromised data and denial of service (DoS) attacks. But remember that strong password protection remains the first, and in most cases, the best line of defense for consumers and businesses. Too many users simply keep the manufacturer default password or don’t use industrial strength passwords.
Manufactures are quickly getting up to speed on the potential for cyber attacks when they offer a device that connects to the internet or transmits wireless data, but they will have a learning curve before they deliver reasonably secure devices. Until then, ask the important questions — and you might want to cover that webcam before cuddling up in front of your TV.
Raj Sabhlok is the president of Zoho Corp., which is the parent company of Zoho.com and ManageEngine. Follow him @rajsabhlok