Your Smart Devices Are Spying On You

  • IoT in a nutshell
  • The ugly truth about insecure devices
  • Failure to understand the technology

There is no denying that the Internet of Things makes everything so seamless and convenient for users. Just the fact that all your devices can work so well together is a breath of fresh air, even more so if it allows you to maximise your productivity and enhance your way of living on a daily basis.

But how sure are you that this level of connectivity does not compromise your overall safety? Having your personal information readily available online for your smart devices’ perusal can be a little discomforting, don’t you think?

In this article, we will explain the risks of employing IoT in your personal space and how Australia intends to address these risks.

  • IoT in a nutshell
  • The ugly truth about insecure devices
  • Failure to understand the technology
  • A new voluntary code of practice

IoT in a nutshell

For the unaccustomed, IoT, or the “Internet of Things,” is the technology of connecting billions of smart devices to the internet and creating an ecosystem of devices sharing and collecting data. It allows objects that are typically used offline to become more functional tools with the help of the internet.

It refers to “things” because it can literally turn the most mundane of objects into a device equipped with a certain level of digital intelligence by adding sensors and RFIDs. The IoT ranges from a child’s toy to your light bulb at home, to watch, a car, and even a plane.

The idea was first brought up between the 1980s and 1990s, but it was only in 1999 that the phrase “Internet of Things” was coined by Kevin Ashton. In the years that followed, developments in internet technology made it possible for the IoT vision to take shape.

The ugly truth about insecure devices

Over the years, the IoT ecosystem continued to expand around the world. It grew exponentially with the advent of smartphones and the arrival of several other internet-ready devices that cater to the various needs of consumers. However, this also meant that the IoT devices have become less secure than how computers used to be.

In Australia, researchers from the University of New South Wales were commissioned by the Australian Communications Consumer Action Network in 2017 to test the security of no less than 20 household appliances that were advertised as being Wi-Fi ready.

The list of appliances that were tested includes a smart TV, printer, portable speaker, digital photo frame, voice assistance, sleep monitor, light bulb, power switch, smoke alarm, bathroom scales, and even a Hello Barbie talking doll.

Researchers found that many of these devices “allowed potentially serious safety and security breaches.” This is despite some of the items being secure in the confidentiality aspect. Simply put, a simple hack into the private Wi-Fi network would make it possible to collect data stored in each of the IoT devices such as knowing what time people get home by checking the time stamp on the lights. It’s also easy to get an idea of the number and size of each person in the house by checking the details logged in the bathroom scales.

Failure to understand the technology

One reason why many of the IoT devices available to customers these days have poor security is that manufacturers want to reduce the costs of production. Although the smart chips used for IoT have become significantly more affordable now compared, some companies still try to skimp on their production expenses by making do with substandard components.

Aside from this, many manufacturers and consumers are not educated on cyber-security and the risks it has on themselves and their business. For the manufacturers, if they are not familiar with the ins and outs of the technology, how can you expect them to find ways to address the issues that come with it?

But the bigger burden falls on the consumers who may not know how the technology really works and whose knowledge is limited on how they can use the devices on a regular basis. There is an opportunity for exploitation, spying, and harassment on individual users. And on a wider scale, it is also possible for entire services and networks to be compromised.

A new voluntary code of practice

Thankfully, it seems that the authorities are paying attention to the problems and are doing something to mitigate it. There are security guidelines being proposed by people governing the industry, particularly the National Institute of Standard and Technology in the United States, the European Telecommunications Standards Institute, as well as the Internet Engineering Task Force.

However, these guidelines are mostly based on voluntary action by manufacturers. They do not have the jurisdiction to enact laws, impose penalties, and actually require manufacturers to be subjected to standard regulations. It’s basically just following the recommended security guidelines “in good faith.” How that will work for the betterment of all is going to be a tall order.

Lucky for users in the United Kingdom, the country is pushing for a mandatory code that will require manufacturers to come up with security features in all of the IoT devices they produce.

But how about consumers in Australia?

A voluntary code that simply encourages manufacturers to adopt security measures in their respective devices may not do much. However, the government thinks this is, at the very least, a good first step toward the improvement of security.

There is talk about “co-regulation,” where self-regulating laws within the industry can be combined with government regulations, as well as the appointment of an independent watchdog. While this may be a little out of reach at the moment, concerned parties can view it as being an inch closer to a secure society. 

For now, what’s sure is that all eyes are going to be fixed in the UK and whether they will succeed in their plans to regulate the industry.