At least they’re being upfront about it.
James Clapper, the United States director of national intelligence, has acknowledged what many in the online security industry have warned about for some time – that intelligence and surveillance agencies are planning to use the Internet of Things to spy and hack.
The admission came in a testimony submitted to the US senate earlier this week:
“Smart” devices incorporated into the electric grid, vehicles – including autonomous vehicles – and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the loT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.
The focus of Clapper’s testimony might have been that these are issues which could pose a serious threat to US security, with hackers in overseas countries exploiting poorly designed IoT devices for the purposes of spying, stealing and disruption.
But we shouldn’t kid ourselves – such methods will be used by America’s intelligence agencies too, in its pursuit to collect information about its enemies, foreign governments and criminal organisations.
We’ve all read the scary stories of hackers spying on children through internet-enabled baby monitors, or the vulnerabilities found in Jeeps and cars made by General Motors, and how security holes are being found time and time again in internet-enabled gadgets.
We wouldn’t dream of attaching a desktop computer to the internet without having security in place, so how come everything from internet-connected toothbrushes to smartphone-controlled washing machines and remote control thermostats are fine to plug in?
The truth is that “smart” devices have the potential to be very, very dumb when it comes to security. Unlike PC and software vendors who have decades of computer security experience, the manufacturers of these new devices often have little in the way of expertise and yet could still be exposing us and our personal data to the threat of hackers.
It’s not just intelligence agencies that we have to worry about exploiting these security holes. Each and every one of us should be concerned about the risk that we’re making it too easy for criminals to snoop on us, and potentially steal our passwords and personal information by taking advantage of the internet-enabled gadgets we bring into our home.
Unless manufacturers learn their lessons, and harden their internet-enabled devices against attacks, we face a future where the risks increase and the internet of insecure, untrustworthy things becomes a reality for us all.