Computers, smartphones, tablets, e-readers, televisions; all kinds of everyday consumer devices we connect to the internet. But the Internet of Things (IoT), as the web of connected devices is called, is containing more and more different devices or objects which we are able to connect, such as refrigerators, toys and water cookers. Last year, 6.4 billion devices in the world were connected, while it is expected that in 2020 this number will have increased over 20 billion (Van der Meulen, 2017).
Internet connection can provide a lot of convenient features and gimmicks for products we all use, while also potentially generate data for the producers to analyze and use to increase value to those same products. The question is whether there are any risks that come with this astounding growth in the number of connected devices. The biggest concern people have is safety. Safety has always been an issue when it comes to this subject and recently there have been some developments which increased the discussion.
Yesterday (October 16th 2017), a Belgium researcher named Mathy Vanhoef discovered a widespread vulnerability in Wi-Fi (Verger, 2017). More specifically, he found a weakness in the design of WPA2, a type of Wi-Fi security which is the main security for roughly 60% of all Wi-Fi networks in the world (https://wigle.net/stats#mainstats, 2017). According to Vanhoef, hackers are able to intercept all data flows through all devices connected to your WPA2 secured Wi-Fi connection at home. This means that a hacker is potentially able to obtain secure information such as usernames and passwords, and could even be able to transfer money from your to his/her account.
Next to that, NOS reported two days ago (October 15th 2017) that more and more devices contain very vulnerable software (Schellevis, 2017). The Dutch news broadcaster states that producers sell their devices with passwords pre-installed, which are very easy for hackers to trace back. They showed a video example in which a hacker breaks into cameras of local stores, a television in someone’s living room and a webcam in someone’s bedroom. All while the owners have absolutely no clue that someone is observing them.
The effects are significant. One woman claims her webcam started moving by itself, after which the hacker started talking to her through the webcam’s speakers (Brandriet, 2017). Moreover, NOS reported in the same article that there has been a toy on the market, through which hackers are able to record whatever the player is saying when close enough to it. What if a group of hackers with truly bad means break into someone’s Wi-Fi with the intention to do serious personal harm, such as blackmailing through video images?
Luckily, the WPA-2 weakness is fixable through updates producers can provide for anyone to download and install. But it is unsure whether consumers are even aware of this ‘Internet of Threats’ surrounding them, as well as whether consumer know how to fix the problem when solutions are provided. Hopefully in the near future, a simple solution will be found to secure us all of security flaws in our home networks. But with 20 billion devices surrounding us soon, who knows what might be coming up next.
References
Brandriet, F. (2017) ‘Vrouw doodsbang door camera van Action’ 4 october 2017 [online], https://www.ad.nl/bizar/vrouw-doodsbang-door-camera-van-action~a261aa3c/ [Accessed 17 October 2017]
Van der Meulen, R. (2017), ‘Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016’ 7 February 2017 [online],
https://www.gartner.com/newsroom/id/3598917 [Accessed on 17 October 2017]
Schellevis, J. (2017) ‘Steeds meer slimme apparaten, die moeten dan wel veilig zijn’ 15 Otober 2017 [online], https://nos.nl/artikel/2198196-steeds-meer-slimme-apparaten-die-moeten-dan-wel-veilig-zijn.html [Accessed on 17 october 2017]
Verger, R. (2017), ‘Wi-Fi has a serious vulnerability. Here’s how to stay safe.’ 16 October 2017 [online], https://www.popsci.com/kracks-wifi-problem [Accessed on 17 October 2017]
Anonymous (webpage)
https://wigle.net/stats#mainstats, last update: 16 October 2017
Dear Victor,
I admire your swiftness with regards to important security developments. I agree that these vulnerabilities are concerning, especially since the security protocol surrounding the WPA2 protocols is the most secure general use to encrypt Wi-Fi connections. (Hern, 2017) Luckily Microsoft already reported to have fixed the problem for supported versions of Windows, so I only need to install the updates for my personal computer. (Warren, 2017) However, I am an IoT enthusiast so I must criticize the sentiment that you propose that these recent developments related to WiFi severely also devastates the IoT security protocols. In my opinion, although connected devices such as computers, television, gaming consoles, fridges, Alexas etc. use WiFi, the through potential of IoT is in the public domain, outside of the reach of WiFi using bandwith. It is reported that IoT will change bandwith and network requirements in the near future. (XKL, 2016) In my opinion, very scary threats of IoT hackable devices would fall under automated cars (what if your tesla stopped working mid 120mph drive), or in a situation drones are taken over by people with the worst intensions. I believe that these hackable devices which are out there in the public domain should be under equal or more scrutiny as compared to WiFi connected devices. Both are important, but with different implications. What is your opinion?
Cheers,
Derrick
Reference:
https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
https://www.xkl.com/a-look-at-the-internet-of-things-bandwidth-needs/
Dear Victor,
U are making some good points. U state that the WPA-2 weakness is fixable through updates that producers can provide for anyone to download and install. I share your thought on the fact that (most) consumers probably are unaware of the threats of IoT, as well as whether they know how to fix the problem when solutions are provided.
Luckily, the WPA-2 weakness is fixable through updates producers can provide for anyone to download and install.
There are a lot of security experts that have warned of the potential risks of large numbers of unsecured devices, that are connecting to the internet, since the IoT concept was proposed in the late 1990s. According to Proofpoint, an enterprise security firm, more than 25 percents of IoT botnets was made up of devices other than computers, including Smart TVs (TechTarget, 2015).
Should firms get the authorization to automatically update such vulnerabilities, to secure its devices, due to the inability of the consumers?
And what if these “older” devices do not support the new architecture of the software anymore?
Which party should take the initial the remind the consumer of these dangers, the firms or government?
Here is a very interesting post that informed how firms sometimes could lack in following these privacy issues:
https://blog.hubspot.com/marketing/internet-of-things-security
Let me know what u think!
Mike
Reference:
Rouse, M. (2018). What is IoT security (Internet of Things security)? [online] IoT Agenda. Available at: https://internetofthingsagenda.techtarget.com/definition/IoT-security-Internet-of-Things-security