A MESSAGE FROM OUR FOUNDER AND CEO
The new tools of computer-driven life are connected. They are called the Internet of Things. However, these new super tools, toys and systems are often sold with little or no thought of security or privacy.
The latest example of things run amok is the CloudPet series of toys. The CloudPet toys include a variety of cuddly stuffed bears and dolls that talk to children via an internet link to the company computers. Parents could leave messages for their children which the toys would play back when activated. The only problem... little or no security.
You've been breached bear!
According to a report compiled by security researcher Troy Hunt, over 820,000 user accounts were exposed, including over 2.2 million voice recordings. The breach in security was so bad that hackers penetrated the CloudPet systems and attempted to hold the data hostage in a ransomware scam. The company apparently did not pay up, instead restoring the data from a backup. The problem behind the breach was not corrected, and the company's treatment of security as an afterthought has led to disaster. The CloudPet system is so poorly designed that a customer can create an account using a password of 1 character.
This is not the first time internet-connected toys have bitten back. VTech toys recently leaked data on millions of parents and kids. In fact, Germany recently told parents to remove Cayla dolls because of poor security. Tip for parents: until the toy industry decides that security is an issue to address before marketing, avoid these kinds of gifts for your children. The potential for pedophiles and criminals to exploit your child via a poorly secured Internet of Things toy is enough to avoid these items altogether.
Yet, poorly designed security is not the only worry for our new "things" life. TV maker Vizio is paying $2.2 million to settle charges that it tracked viewing data and sold that data without users' permission. This kind of breach in your privacy is not an accident, error or poorly designed security feature but an intentional scam. The company decided that selling your privacy without telling you was part of the deal when you purchased your TV.
If you have a "smart" TV - disconnect it from your home internet connection. Sure, that means you won't get access to your TV's "smart" features, such as the ability to watch Netflix without a separate streaming device like a Chromecast or Roku. It also means that hackers or manufacturers won't be able to transmit any data about your viewing habits.
Yet, the situation will only get worse as additional gadgets are added to your TV set. The concept of having a TV watch you is quickly becoming an uncomfortable feature made worse by the inclusion of both internet connections and cameras embedded inside the TV. Most people are already wary of computer hackers using web cameras embedded inside their systems that could be activated to video you. This has led folks such as Mark Zuckerberg and FBI Director Comey to put a piece of tape over their computer cameras. I suggest you do the same to your TV if it is equipped with a camera.
Why all this caution?
Internet-connected devices such as toys, cameras and TVs are often not updated with security patches if there is a flaw in the software. The update must come from the maker, and the manufacturer is often not interested in serving you after the purchase and is not really required to help out. Many of these internet things are equipped with out-of-date software filled with holes and bugs.
One of the largest areas of concern is internet security cameras and your computer routers. This concern is so great that the FTC is currently considering a case against D-Link, a maker of security cameras and routers used by consumers. According to the FTC, D-Link’s private key was inadvertently made available on a public website. This compromise meant that consumers seeking to download legitimate D-Link software were at significant risk of downloading malware made available by hackers using the D-Link private key.
According to the case before the FTC, hackers could exploit this flaw and compromise routers used to access the internet. Hackers might have obtained unauthorized access to sensitive personal information and could re-direct customers seeking access to financial or private data over the internet to fake sites. The D-Link flaw had other problems for the variety of internet-linked devices the maker sells, including its line of security cameras. Hackers might have compromised D-Link security cameras, allowing them to monitor users and covertly record their personal activities and conversations.
There are other devices that are now becoming popular that also have unintended features. The latest line of voice-driven Cortana, Alexa, Echo and Siri devices can often do things you don't want them to. These devices are hooked up to other little robots we can buy, allowing customers to control household items by voice alone. You can turn on lights, control the A/C and even order coffee to be delivered.
One customer discovered that Apple's HomeKit, the iPhone maker's program for hooking up smart home gadgets to Siri, had a bit more control than he bargained for. The customer had outfitted his entire house with an array of HomeKit-approved lights, thermostats and even a front door lock. In September 2016, a neighbor walked up to his front door and yelled, "Hey Siri, unlock the front door." Thus, Siri obediently unlocked the door.
Siri is not alone. Last year a couple in Dallas, Texas were surprised to find a giant dollhouse and four pounds of cookies they didn’t order on their doorstep, in addition to a $170 charge on their credit card. Apparently, their six-year-old daughter had asked Alexa to bring her the gifts and the Internet of Things fairy delivered.
These voice-driven boxes are almost always listening. Sometimes they may hear more than we wish. There is currently a case winding its way through the courts where internet thingie Alexa recorded details that might be of use in a murder investigation. Thus, Alexa may be turning into Big Brother. Can the ever-listening ears of your brand new assistant be used against you in court?
The contents of your Amazon history could be subpoenaed as part of a criminal investigation, just like any of the information held in cloud services from Google, Apple, Microsoft, or other companies. Amazon does not state how long it will hold onto your voice recordings, but if you are concerned then you may want to avoid the whole issue altogether and simply turn on your own lights or order coffee using your phone.
There will be roughly 8.4 billion devices connected to the Internet of Things in 2017, up 31 percent from 2016, and there will be an estimated 20.4 billion connected devices by 2020. While it might seem cool to hook your toaster or refrigerator to a voice assistant, there are also consequences to consider beyond price and convenience.
The toaster might be spying on you.
CHARLES R. SMITH
CEO FOUNDER OF SOFTWAR INC.