Even though I work in technology, I often find it hard to understand the push to involve technology in everything. Recently, our refrigerator failed, for about the third time in a year. That means, of course, shopping around for a replacement. These days, they have fridges with screens embedded in them that connect to wifi and allow you to do things with the refrigerator. They come with embedded cameras and food management software telling you when you need to throw things out, or when things are approaching expiration dates.
Maybe some folks like that stuff, or feel the need to pay more for it. More than likely, it’s a keepin’ up with the Joneses thing. You go into a house, and it has all the latest fancy gadgets and whatzits, all covered in stainless steel. Or, perhaps, the new rage “black stainless” or “dark slate” stainless. It all seems rather silly.
However, with recent revelations surrounding the Alphabet Agencies and the strong possibility that they’ve been spying on American citizens, it is no longer merely silly.
It’s utterly stupid.
Even if the Alphabet Agencies are ultimately absolved of this charge, it is clear that backdoors have been built into devices for quite some time now. And you will find that it is not merely manufacturers, software companies, and the government that are using them.
Take a gander at this: Smart TV hack embeds attack code into broadcast signal—no access required
So-called Smart TVs are becoming a problem as well, as hackers can brick them, or turn microphones and cameras (should your smart TV come equipped with them) against you. The “Internet-of-Things” is proving to be a sieve.
The hacks underscore the risks of so-called “Internet of Things” devices, the vast majority of which are given network access and computing functionalities without being adequately secured. TVs and other Internet-connected appliances almost universally lack application sandboxing and other exploit mitigations that are a standard part of computer and mobile operating systems. Even worse, most devices run old versions of Linux and open source browsers that contain critical vulnerabilities. While patches are generally available on the Internet for the individual components, manufacturers rarely give customers a way to install them on the devices in a timely way.
Think about it. When is the last time most folks even bothered to update the apps on their phone? Now consider that there are refrigerators that would now need to be considered in security terms. Your average John Doe does not think to update his fridge, or worry overmuch about whether or not it is secure.
Take the Samsung Smartcam, which recently suffered a major security vulnerability. A casual buyer is likely to trust the Samsung brand.
Consider, also, The Fappening, when various celebrity cloud accounts were hacked, and the nudes distributed across the Internet.
Now we have the proliferation of devices like Alexa and Echo which are designed to listen to your commands and do things with that data. Are people going to be fastidious about checking on the security of their smart speakers?
Some of these devices, of course, automatically update themselves, and remain reasonably secure from casual hacking. But then you have to consider a different threat for those devices which are secure: the company selling you the device, or providing you the service.
Right now, there is a bill that passed Congress which supposedly allows ISPs to sell your data to the highest bidder. Here’s the catch, though, according to the EFF: these companies were already doing it.
The GOP tells us that this is a case of regulatory overreach, and they may actually be correct about this, because the existence of the regulatory regime has done little to nothing to stop this behavior from occurring. Although, I will say right away that the optics of this bill are very worrisome.
But whether or not the bill will have an effect, positive or negative, the fact remains that your service providers have already been caught selling this data, or using it in ways you didn’t expect. You can’t trust them.
Now, imagine they have your browsing history, they know how much food is in your fridge, what you watch on TV, who you call, and who you text… Go buy some more Pepsi, says the ad on your fridge, because we know you’re out.
This is a gold mine, for companies, for government, for Alphabet Agencies within the government (who may very well be at odds with the elected government), foreign governments (the Left likes to blabber about Russia, but I’d be more concerned about the Chinese), and for black hat hackers looking to screw you over.
Is all of that risk really worth your fridge telling you that 3-week-old leftover Chinese takeout should go in the garbage? I’d argue not. Do a simple risk/reward calculation on this. It’s not worth it.
So what do you do? Here are a few ideas:
1. Buy “Dumb” hardware. Dumb fridges, dumb TVs (or buy Smart TVs where the “smart” portion can be disabled – at the very least, don’t connect it to wifi).
2. If you must have Netflix, Hulu, Amazon Prime, Kodi, Plex, or anything similar on your TV, consider getting a separate device like a Fire Stick, or a Roku, or a “Compute Stick” from Intel. They are cheap, and if a hacker bricks it, at least you aren’t out a whole TV. Power it off when not in use. Occasionally clear it, reset it back to factory specs and reload your apps.
3. Clear your phones of pretty much everything extra installed by the manufacturer. If you’ve some technical skill, consider wiping the OS and installing from scratch. Cyanogen used to be my preferred choice in the Android ecosystem. It’s gone, now, but Lineage was forked from it in the dim mists of Android history. Consider that. If you don’t have the skill (don’t even try it if you question this), just clear everything optional you can from the phone.
4. Use proxies for your Internet browsing. Tor is reasonably easy to use these days.
5. Make sure you carefully screen new applications and software for possible hidden monitoring. Companies like to bury this in their disclaimers. Usually you can find information on the software you want to use on the Internet.
6. Don’t buy any of those smart home systems and “smart speakers” like Echo or Alexa. That’s a disaster waiting to happen.
7. If you don’t have a very compelling reason to buy any “smart” device, don’t do it.
8. Make sure you use strong passwords, both on your accounts and on your wifi router.
This won’t stop every possible way someone with malicious intent could screw with you, but it will severely limit the damage, and, in the same way a car with a few anti-theft devices will deter casual thieves, so will this eliminate casual data theft, spying, and hacking.
The Internet of Things is a spaghetti strainer when it comes to security. It’s a mess. Best not to dive too deep into it, if you can avoid it. After all, three-week-old Chinese food is generally pretty good about notifying you it’s gone bad all on its own.