The proliferation of Internet of Things (IoT) and wearable devices promises amazing technological breakthroughs in our everyday lives. These developments are made possible by interchanging information between our devices (activity trackers, phones, cars, etc.) and storing that data in the cloud. But what if you’re not the only one with access to the massive amounts of data that your devices collect? What if hackers can see what time you leave your home on a daily basis and they can unlock your front door with the click of a mouse? What if those same hackers can tap into all of your vital signals and see your exact location at any time? This might sound like science fiction, but unfortunately it is becoming the reality today.
Delivering the conveniences that IoT promises requires massive amounts of data to be collected and stored in the cloud. We are promised that this data is secure, but since Edward Snowden’s revelations we know that virtually no data is safe from interception by third parties once it enters the public Internet. We have seen proof that the NSA and British Intelligence are doing it on a massive scale; we’ve seen that the North Koreans can do it on a more targeted scale; and someone might be doing it to you right now. What if that unknown party can see your every activity, every movement, even every heartbeat? Are we ready to make our most personal and sensitive data accessible to hackers and government entities?
Not only is our data vulnerable, but once our physical devices are connected to the Internet they can be hijacked and controlled by third parties as well. The separation between what’s virtual and what’s real is breaking down with each device that comes online. Let’s take a look at common connected IoT devices:
- Phones, tablets, televisions
- Sensors (wearables, environmental, industrial)
- Home access (locks, cameras, security systems, etc.)
- Medical devices
As the list grows, not only is our personal data created by those devices possibly accessible, but the devices themselves are at risk. As a leading digital innovation agency focused on web and app development we are always thinking of the security implications of the products we design. Once you’ve replaced the locks in your home with smart-locks someone with the right resources can walk up to your house and unlock the door with a tap on their smartphone. They can also watch you on your internet-connected baby monitor and even take control of your connected car to override the gas, brakes and steering. Many cars that are connected today are already vulnerable to these kinds of attacks.
As average consumers, we might think this doesn’t impact us. Security by minority might still apply today, where hackers have no interest in hacking some obscure IoT platform to control our home thermostats. But as standards evolve across the IoT platforms and data is shared across APIs, there are more centralized locations for hackers to search for your data. Metadata analysis is becoming more sophisticated as well, allowing analysts to find your relevant data easier than ever before. Finding the “needle in the haystack” becomes increasingly easier.
While you probably don’t need to worry yet about hackers invading every part of your private life, as a society we are laying the technological foundation that will make us more vulnerable to hackers and government agencies than most of us can imagine. We need to begin the conversation now and evaluate the impacts of the Internet of Things on our privacy.