By Shehzad Ahmad, Head of Information Security, Denmark, Nets
The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of Nets.
Your daughter's Wi-Fi doll may be her new best friend, lending an ear when she needs it, but did you know that hackers could turn the doll into a surveillance device and spy on your household? Did you remember to check the software updates from the doll manufacturer – often, they will contain critical security patches? And have you taken the time to develop a security strategy for the drone, thermostat, or the smart TV you bought your spouse for Christmas?
As we've grown accustomed to our computer or smartphone updating their software automatically, these questions may seem a little over the top. We obediently click on OK when an app prompts us to accept an update. What we tend to forget is that smart toys come with default user names and passwords which makes hacking them, well, child's play.
Our homes abound with smart devices. In the living room, bedroom and playroom – everywhere, you'll find tiny computers that need updating, even if they are disguised in a camera, a doll or the smart speaker resting inconspicuously on your kitchen table.
I'm a great fan of home automation and how it opens up new possibilities
But in recent years, we've witnessed how hackers and other criminals have picked up on security flaws in many of the new gadgets surrounding us. Criminals have hacked Wi-Fi baby monitors or taken over the control of a large car – there are many examples, and the scary part is that many of them we may not even have detected yet. Unfortunately, it takes a while from you spot the latest fad on the shelves until you realise that you're dealing with a computer that needs checking, maintenance, updating and, basically, to be turned off.
Personally, I've plunged into the Digital House with enthusiasm, smitten with home automation and the possibilities it represents. But as a safety-conscious consumer I've come to the conclusion that I need a plan for what I will allow in my house, and how we will make use of it. I draw the line at products equipped with microphones listening in on every word uttered in the room 24/7.
Granted, being able to ask for the weather report is pretty convenient, and having the device find your favourite song on Spotify is not so bad either. But I find it intrusive that someone could listen in on conversations had in the privacy of my own home and have decided to embrace home automation but limit it to when both I and my devices are online on our private network.
In other words, I won't be able to automate my home from a distance. I understand it would be convenient to be able to dim the lights, turn on the washer or turn up the heating when I'm out. But by doing so, I would allow my units access to the open internet through my firewall, in a location where I am no longer in control.
Manufacturers may forget to close security holes
New opportunities mean new threat patterns, and it isn't always easy to predict criminals' next move. My advice is not to fear technology but to use it with caution. Decide how far you're willing to go and, not least, know your limitations in terms of cyber security:
- Do you feel safe having a smart TV with a built-in camera connected to the internet in your lounge, then fine, assuming you are able to check and install updates to it. But how about your new surveillance camera, your son's new Wi-Fi drone or the new Wi-Fi coffee maker?
- Are you able and willing to check and patch your devices regularly, and are you certain the manufacturer even cares to close the security holes found throughout the product life cycle?
- Checking for security updates for your devices - would you consider putting it on your calendar?
Often, you won't know whether to trust a manufacturer. You can't always rely on them to keep installing security updates; maybe they have let standards slip to avoid being in the red, or they may simply stop updating discontinued models.
If you don't trust manufacturers, perhaps it's time to ask yourself if your devices are really that smart to have in the house anyway? Could hackers, at least the patient ones, take advantage of your gadgets' security holes two years down the line when they're being discontinued and no longer receive any security updates?