Is your toaster spying on you? How about your fridge? In a few years that might not sound quite as ridiculous as it currently does.
James Clapper, the US government’s director of national intelligence, has acknowledged that intelligence agencies may use “smart” household devices to increase the reach of their surveillance.
These devices, collectively known as the Internet of things (IoT), can connect to one another and also to the Internet to exchange data.
The classic example of an IoT device is the smart thermostat that you can control using your smartphone, even if you’re thousands of kilometres away.
As the idea of home automation has gained popularity, the market has exploded with everything from smart fridges to home security systems. Amazon’s digital personal assistant, the Echo, sits in your home and listens to your every command, constantly exchanging data with the Internet and other devices in your house.
The problem is that, in the rush to market, many manufacturers have been sloppy or even downright negligent about security and privacy measures. Thousands of different devices have latent vulnerabilities that Clapper acknowledges may be used by intelligence agencies for “identification, surveillance, monitoring, location tracking and targeting for recruitment, or to gain access to networks or user credentials”.
A great example is Samsung’s smart TV range, many of which have their built in microphones constantly switched on so that they can listen for commands from their owners. Were a hacker to gain control over such a TV, they could listen in without ever having to gain physical access to the property.
If that sounds scary consider this: in July last year, a pair of white-hat hackers demonstrated that they could take partial remote control over a Jeep Cherokee while it was travelling at full speed on the highway.
They were able to control relatively trivial features like the air conditioning and radio, but also critical systems such as the transmission and brakes, at one point sending their hapless guinea pig sliding into a ditch.
The vulnerability, in the Jeep’s case, was a feature called Uconnect that connects the vehicle to the public Internet. The hackers were able to use that badly secured connection to take control of the on-board entertainment system, and then leapfrog into the car’s on-board electronic control unit — the heart of any car.
Uconnect has since been patched by Chrysler, Jeep’s parent company, and millions of its cars are safe again from hackers. Until the next loophole is discovered, that is.
Given these examples, the much hyped IoT looks at best unreliable and at worst reckless and destructive to privacy. Why should we put ourselves at so much risk just so we can turn off the fridge using our smartphone?
There is another way to look at this. By connecting devices to the Internet, we quickly reveal the flaws in their security. In this way, the Internet acts like a global immune system for our technology.
The hackers act like bacteria, attacking weaknesses in individual cells (devices), but security geeks, the white blood cells of the Internet, rush to fix the issue and in doing so make the whole system stronger and more resilient.
Momentum will be unstoppable
We can make philosophical and political arguments about whether this level of connectedness is desirable in the first place, but those arguments will be largely irrelevant. If the Internet of things lives up to even a fraction of its promise, then its momentum will be unstoppable.
Connectedness will offer such compelling advantages — social, economic and physical — that being disconnected will put you on the back foot in every sphere of life. Right now, most of the features are gimmicky and unimpressive, but give it a decade and IoT devices will be as popular as cellphones.
And like cellphones, they are likely to reshape society’s attitudes and expectations about technology. Once you’re used to every connected shower in the world knowing exactly how hot you like the water, you’re not going to want to go back to fussing with the taps.
But while there’s no point in fighting IoT itself, we can play a part in how it is regulated and monitored. Neither intelligence agencies nor technology companies should have unfettered access to the data that our devices collect and transmit. We need common standards for both security and privacy, and regulators with the teeth to enforce them.
Because, while an increase in connectedness is largely inevitable, our passive acceptance of surveillance and data exploitation is not. Withdrawing will soon be impractical (ever tried to live without a cellphone?), so we must be prepared to participate actively in this debate. We can shape our devices, just as they shape us. — (c) 2016 NewsCentral Media
