IoT refers to the connectivity of devices and everyday objects (think coffeemakers, thermostats, cars or washing machines). By connecting objects to a network, users can monitor and control them remotely. This is a fantastic convenience if, say, you forgot to turn the stove off before running out the door in the morning. Just whip out your smartphone and turn it off with an app. But, as always, great innovation comes with great responsibility.
At this point in our tech-savvy era, most of us know computers can be hacked and infected with malware. To avoid this we install anti-virus software and firewalls, and for the most part everything goes on happily ever after. But what about “things”? Every connection point represents a potential threat and unprotected connections almost always carry a hackability guarantee. A security expert discovered that hospital pharmaceutical pumps connected to online drug libraries were easy to hack. This made it possible to increase the listed upper dosage limit and thereby allow the pumps to administer lethal doses of any medication registered in the library without alerting nurses watching for patients whose doses exceed the documented upper limit.
Only rudimentary firewall protection is in place to protect some of our connected “things”. After all, how do you type a password into your coffeemaker or update your refrigerator’s anti-virus without a screen? While having hackers access your coffeemaker to deny you your liquid energy would certainly be unfortunate , it is nothing compared to having a pharmaceutical pump give you or a loved one too much of a controlled medication.
To make matters worse, most manufacturers seem to have little or no interest in protecting our “things” from the hands of cyber-attackers. They make our objects, that’s their job. Never before was it in their job description to protect them from the world-wide Wild West. But if consumers and enterprise users can’t access a screen on their connected objects to install security software, the manufacturer has to be the one protecting them from the online outlaws.
What you can do about this new threat
The easiest way to avoid these security issues is to avoid buying connected “things” as long as possible, until manufacturers realize it is their responsibility to protect them or at least give consumers the ability to do it themselves. This problem won’t be solved overnight but manufacturers need to start the project if they ever want to find a solution.
If your thermostat just called it quits and you can’t find a suitable unconnected one (or need the ability to turn your AC off when you’re on vacation via your smartphone), ask questions before purchasing. What security features are in place? Does the company respond to breaches and issue patches promptly? What kind of quality and safety guarantees are offered? When companies don’t see the value in protecting consumers and their data, it is up to us to protect ourselves.