Originally Published: February 22, 2018 5:55 a.m.
Your smart TV could be watching you while you’re watching it.
If you’re tech-savvy, you may be familiar with what’s become known as the “Internet of Things,” or IoT. The term refers to the physical devices — like vehicles, home appliances and other items — that now come equipped with electronics, software and connectivity that enables them to connect and exchange data over the internet.
The more new “things” you buy, the greater the likelihood you’ll have something connected to the internet in some form. That could mean a coffee maker, refrigerator, washing machine, headphones, lamps, and more. It also applies to larger machinery, like jet engines.
Gartner, an analyst firm, said that, by 2020, there will be 20.8 billion connected devices.
Others have made even larger estimates. A Morgan Stanley report said that it expected to see 75 billion devices on the IoT by 2020.
With that much internet connectivity in our daily lives, security against hackers seems as if it would be a major concern.
As things stand, hackers “can do anything,” said Jeremy Houle, a technician at Prescott Computers. “They can turn them into crypto-miners and use the processors in them to mine crypto-currencies. If (the device) has a camera or a microphone, they can hack it to listen to or watch you.”
A take-over of the cameras integrated in some Samsung televisions was proven possible by the CIA, and magazine Consumer Reports found that “a relatively unsophisticated hacker” could gain control of several models of smart TVs.
“I mean, just imagine what someone can do, and it can be done,” Houle said.
And maybe some things you didn’t imagine, like the experiment done by the Defense Advanced Research Projects Agency in 2015, in which a Chevrolet Impala was hacked via its OnStar system, giving the remote hacker control of the car’s acceleration and braking.
Whatever device is affected could be rendered useless, said Dr. Jon Haass, department chairman of Cyber Security and Intelligence at Embry-Riddle Aeronautical University.
“It could mean that the users would not be able to utilize that device, because it had been compromised by an attacker,” Haass said. “The legitimate use of the device might now be broken, because the hacker is now using it for their purposes.”
One of those purposes, using IoT computing power to create a “denial of service attack,” which essentially overloads a target computer with so many fake requests for information that it crashes, has already happened, Haass said.
In October 2016, hackers took control of untold thousands, perhaps millions, of unsecured IoT devices and directed them to query servers at Dyn, a company that provides internet service for many major companies. The attack crashed Dyn’s computer servers.
In that case, security experts said the hackers were able to gain control of the devices because many of them still had their factory-set default passwords in place, such as “111111” or “123456” or “password1.”
But some IoT devices simply don’t have very robust security measures in place, Haass said, and “are beyond the consumer’s ability to change, only the manufacturers can fix (the security on) the devices.”
What you can do
Actions the average consumer can take may stop a hacker, at the cost of limiting functionality, like covering the camera on a smart TV or disabling the interconnectivity of the device, assuming it will still work without an internet connection.
“Much like your iPhone,” Haass said. “For most people, they can’t do anything to change the security of the iPhone. We rely on Apple.”
“We should tell our vendors and manufacturers to take more care, and perhaps, as consumers, we need to look more carefully at what the capabilities of these devices are, and whether we want to have that risk in our lives.”