Years ago, Samsung came out with a voice-controlled television. My wife was appalled. Who in the right mind would want a device that sits in the house and listens to everything that goes on?!
As it turns out, lots of people do.
Her issue was that someone, somewhere, could listen in, and probably already was. Her fears were confirmed when the company acknowledged the televisions sent some recordings to the mother ship for analysis so they could perfect their voice recognition software. But don’t worry, they don’t record much and they keep it really secure. Right.
Since then, tens of millions of people have added smart speakers to their homes, specifically inviting devices that listen to every word. Ostensibly these devices wait for their “wake up” phrase, but as Amazon was forced to admit, they have lots of recordings of our everyday lives, and some of those playbacks would be quite embarrassing.
These corporations might be tone deaf to privacy concerns, or even behaving badly, but they’re not the biggest threat. Your best chance of getting hacked comes from old stuff that’s probably sitting close to you right now, like your printer.
You can fix it, but chances are, you won’t.
There’s a phrase in the tech world that’s supposed to be funny. “The ‘S’ in IoT stands for security.” IoT means the internet of things, referring to devices connected to a hub, like your home network, which is then connected to the internet. Obviously, there’s no ‘S’ in IoT, which is the point. There’s no security.
One estimate puts the number of IoT devices at 7 billion today. That number’s expected to more than triple to 21.5 billion by 2025. Many manufacturers of home cameras, internet-controlled lighting systems, and other devices try to build in security measures. Many don’t.
The cheaper devices use off-the-shelf security approaches and commonly borrow from other applications. When bad actors find a security flaw in one, they can access all of them. Paying a bit more for better equipment can help you avoid this, but it only goes so far.
The real problem is that all devices are hackable, it just takes time. The longer a device is on the market, the more time hackers have to find a way in. Printers are a great example.
As long as my printer spits out what I want, I don’t think about it very much. Even though it’s a couple of years old, the thing can be connected to the internet so that I don’t have to fuss with messy wires. That’s convenient for me as a user, but it also offers a point of entry for hackers.
They’re not interested in what I print. They want a point of entry to my home computer network. Once there, they can rummage around looking for passwords and userIDs for bank accounts, investment accounts, and other things that I might have stored in my contacts or on a spreadsheet. Sound familiar?
Or it could be that the hackers don’t want my stuff at all. Instead, they run programs in the background of my network, posing as me through my IP address to launch malware and attacks on other systems around the net.
It turns out that I have the power to stop most of the attacks on my devices and networks, and so do you. We just need to follow two simple steps, which most of us won’t.
- Set and update the passwords for internet-connected devices. Most people never change the passwords that come with their equipment, and those that do rarely update them. This makes passwords easy to figure out and makes the equipment immediately vulnerable.
- Update the software for any internet-connected device on a regular basis. Software updates are annoying, but that’s how manufacturers fix security loopholes in their products. If we don’t update, then we’re leaving ourselves vulnerable to known flaws.
As for passwords, they come with problems of their own. If we keep them online, then they’re part of our cyber security issue. To fight this, we can write them down, which is something most security experts warn against because anyone who comes across them then has the keys to our kingdoms.
Thinking about the endless possibilities can make any efforts to fight hackers seem futile, which is exactly what they count on: inaction. Don’t let them win. Set aside a little time to inventory your connected devices and consider if you’ve set and updated passwords, as well as updated the software recently. Spending a little time on it today might be boring, but it could save you from huge headaches down the road.
P.S. Over the next few weeks, keep an eye out for Harry Dent’s Cyberterrorism Survival Manual, where he’ll expand on a few of the issues I brought up today and provide you with an excellent resource to protecting your most personal and financial information.