Oct
11

IoT is Being Abused, Here’s How to Stop it

IoT is Being Abused, Here’s How to Stop it

October 11
By

By the end of 2017, over 29 million homes in the US had some form of smart technology, and that number was growing at around 31% a year, according to a report from McKinsey. Devices like the Ring and Nest Thermostat help homeowners supervise their homes, often while they are away and are two of the most popular devices on the market today.

While these internet-connected devices and others such as the Amazon Echo and Google Home provide a level of control and convenience, they also come with a potential dark side: they can be used to harass, abuse and intimidate others.

This week we will look at some of the methods which use IoT in nefarious ways and how people can stop it.

The Risk

Men install most digital devices. But not just any man, but partners who bring these devices into the homes with good intentions and promises of convenience and safety.

Ring and Nest Hello are two devices that promise home safety by providing live video footage of your front door. Owners can easily monitor who approaches their home to visit or deliver packages. Video footage can be saved to the cloud making it easy to go back in time to see who approached your home for any reason.

An example of video footage from your doorbell to your phone

What many people don’t realize is these devices can be used to spy on former spouses and partners without their consent. The cameras are small enough that they can be inside a home without being detected adding a level of privacy invasion for those who don’t know they are being watched.

However, video cameras aren’t the only risk. Many IoT is voice-controlled with few, if any, physical controls. Any such device includes a microphone which can be used to listen to background conversations. Even worse, your communications record and upload to the cloud where another person can access them with the proper credentials.

Domestic Abuse

Smart locks are one of the fastest growing segments of smart home products. These devices replace your deadbolt lock or enhance your current lock with “smart” features. Mostly, they make it possible to lock and unlock your door using a smartphone app.

For most owners, the convenience is worth the cost of installing these new devices. However, in a report from the New York Times, women calling abuse hotlines are reporting that former partners are remotely locking and unlocking their doors as well as changing the passcodes which give someone else access to your front door.

Another woman had her air-conditioner turned off just after she turned it on while another woman reported hearing her doorbell ring many times but finding no one was at her door. Once a device is connected to the internet, it opens the potential for someone else to control it remotely.

Staying Safe

With so many new devices hitting the marketing, how can anyone keep track of them all and remain safe? Here are a few guidelines for dealing with IoT devices in your home:

  • WiFi Password – Learn how to change the password on your WiFi router and keep it private. Most IoT devices connect to the internet over WiFi and become unusable without it. If a device began acting unpredictably, try turning off your WiFi router and seek technical assistance.
  • Disable Microphones – Any voice-activated devices have a microphone, and most of them can be disabled. For example, the Amazon Echo and Google Home are voice controlled smart speakers. Both have buttons to disable them when not in use. This will keep them from listening to background commands and conversations.
  • Avoid Shared Accounts – Most devices will require the owner to login so that settings and customizations can save to the cloud. This is convenient but allows anyone with your login to credentials to change these settings. For each device, use your login credentials and do not share accounts.
  • Install Patches and Security Updates – Many devices will handle updates on their own, in the background, but not all. Some require installing firmware updates that are more involved than simple software updates, but most can perform through an app. IoT devices are often rushed to market so keeping them patched is critical to your security.

Conclusion

We are in a new era where our homes are full of useful gadgets that provide entertainment, comfort, and convenience. Amazon and Google position their smart devices as helpful life companions. However, what happens when that companion is used as a tool to harass or stalk another person?

It comes down to control. If you didn’t install the device, someone else has control over it. You would never carry around an iPhone with a passcode set by your coworker, yet many people continue to use smart devices in their homes that were installed by ex-spouses and ex-partners.

This is a recipe for problems down the road. Large companies such as Google, Amazon, and Microsoft have committed to providing clear documentation which is a step in the right direction given how little documentation often ships with these IoT products.

StorageCraft is the data recovery pro. Not only can we help you with your backups and storage, but we assist with online data recovery and ransomware protection, as well. Contact us today for more information on our large suite of solutions and products or request a free demo of our ShadowXafe.