The Internet of Things is Still a Privacy Dumpster Fire
No, not literally, but close.
Researchers investigated 81 Internet of Things (IoT) devices like smart TVs or security cameras.
The researchers ran 34,000+ experiments and found that 72 of those devices contacted someone other than the manufacturer. For example, almost all of the TVs contacted Netflix, even if you don’t have a Netflix account. For the most part, the manufacturers do not tell you who they are talking to.
Much of the data is sent unencrypted, so anyone listening to the traffic can see what is being sent.
Vizio got caught at it (collecting and selling your data) and paid a small fine ($17 million), so they figure the risk is low.
Since most of these devices have horrible security, they are easy to hack. That fact has not been lost on the intelligence community in both friendly and not so friendly countries. That makes your smart devices extra smart – they are a listening post for the good guys and the bad guys.
For example, one camera talked to 52 unique IP addresses and one TV talked to 30 different locations.
This data is aggregated with other data to build profiles – where do you live plus where do you work plus how much do you make plus what are your TV habits. You get the idea.
Companies sell these datasets. For anyone in the United States they might be able to produce 2,000 to 3,000 different pieces of information.
Obviously, if the device has a camera or microphone, that adds more data to the mix.
If that camera is on the same network as your computer and your smart camera gets hacked, it is certainly possible that an attacker could use that camera to attack your computer. Actually, that is not far-fetched at all – it has already happened.
So what can you do?
The easy answer, of course, is to ask if you really need that smart refrigerator or microwave. If you don’t, then don’t get that model. The dumb model is probably cheaper anyway.
Sometimes you can’t find a dumb device. That doesn’t mean that you MUST connect that device to the Internet if you don’t need those features.
Finally, if you are going to make that device smart, then isolate it from the rest of your network. Depending on what you are trying to accomplish, that can be hard, however. Oftentimes you want that smart device to interact with your phone or your computer. That means building rules that allow that data to travel in one direction.
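One way to check that the isolation described above actually holds, as an added example that is not from the original article: it audits connection records for IoT devices that open connections into the trusted network, counts the outside hosts each device contacts, and lists flows on ports that are normally unencrypted. The address ranges, the record format and the port list are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan (hypothetical): a trusted LAN and a separate IoT segment.
TRUSTED = ipaddress.ip_network("192.168.10.0/24")
IOT = ipaddress.ip_network("192.168.20.0/24")
# Heuristic only: ports that usually carry telnet, HTTP and MQTT without TLS.
CLEARTEXT_PORTS = {23, 80, 1883}

# Constructed sample, one connection per line: "initiator responder dst_port".
SAMPLE_FLOWS = """\
192.168.10.5 192.168.20.31 554
192.168.20.31 203.0.113.10 443
192.168.20.31 198.51.100.7 80
192.168.20.31 192.168.10.5 445
192.168.20.40 203.0.113.10 443
192.168.20.40 198.51.100.99 1883
"""

def zone(addr):
    """Map an address to 'trusted', 'iot' or 'internet'."""
    ip = ipaddress.ip_address(addr)
    if ip in TRUSTED:
        return "trusted"
    return "iot" if ip in IOT else "internet"

def audit(flow_text):
    """Return (violations, external hosts per IoT device, cleartext flows)."""
    violations, cleartext = [], []
    external = defaultdict(set)
    for line in filter(str.strip, flow_text.splitlines()):
        src, dst, port = line.split()
        port = int(port)
        src_zone, dst_zone = zone(src), zone(dst)
        # One-way rule: trusted hosts may open connections to IoT, never the reverse.
        if src_zone == "iot" and dst_zone == "trusted":
            violations.append((src, dst, port))
        if src_zone == "iot" and dst_zone == "internet":
            external[src].add(dst)
            if port in CLEARTEXT_PORTS:
                cleartext.append((src, dst, port))
    return violations, dict(external), cleartext

if __name__ == "__main__":
    bad, ext, clear = audit(SAMPLE_FLOWS)
    print("IoT-initiated connections into the trusted LAN:", bad)
    for device, hosts in sorted(ext.items()):
        print(device, "contacted", len(hosts), "external hosts")
    print("Likely unencrypted flows leaving the IoT segment:", clear)
```

Any entry in the first list means the one-way rule is not being enforced, since only the trusted side should ever initiate a connection.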
I am not counting on smart devices actually getting smart until there are laws that either force the issue or change the economics. GDPR is changing the economics of privacy in Europe. British Airways, for example, just got hit with a $200 million fine. A few of those and your average CEO is going to think differently about privacy. Those laws have already started coming, but it will be at least a few years before they cause manufacturers to change their habits. Source: Motherboard.