Security Risks on the Internet of Things - What You Need To Know
The Internet has been buzzing with a Reddit story claiming that a neighbor was able to unlock the author's front door just by yelling, "Hey, Siri, unlock the front door!" The writer uses a fake name, so it's hard to confirm the story, but it could easily be true. It's an example of how the Internet of Things can create new security risks.
Little computers, big risks
The "Internet of Things" (IoT for short) consists of all the devices that we don't think of as doing computing, but can be controlled or give information through the Internet. They include locks, thermostats, lighting systems, and cooking appliances. Somewhere there's probably a teapot that will prepare a drink for you when you say "Tea. Earl Grey. Hot," like Captain Picard in Star Trek. These simple-looking gadgets are computers in their own right, often using the same operating systems as desktop computers. They carry the same risks.
The trouble is that the makers often don't think about the security implications of their gadgets. They're connected to the home Wi-Fi network, inside the firewall. You really can get a smart teakettle, except that it's not very smart. With a little persuasion, it will give away the Wi-Fi password it's using.
Some of the possibilities are life-threatening. Two experimenters were able to take remote control of a Jeep Cherokee (with the driver as a willing participant). They manipulated the air conditioning, windshield wipers, and sound system, and finally cut the transmission. The driver called a halt to the experiment before things could get dangerous, but malicious remote operators could have killed him.
Whether that Reddit story is true or not, Siri can in fact open risks. Unless you take special steps, it will accept "Hey, Siri" from anyone. It's a bad idea to use it to perform sensitive functions such as unlocking your door. The Siri settings let you train it to recognize your own voice and (hopefully) no one else's. This isn't foolproof, though. A safer setting is to activate Siri only when you press and hold the Home button. Unfortunately, it won't let you change the phrase to a different one.
Be especially careful of devices that affect your health or transmit personal information. If they aren't secure, an outsider could mess up their operation and endanger your well-being or get private information about you.
Be wary of your devices
A 2014 study says that more than half the devices tested raised multiple security concerns. It's easy to intercept and modify data in transit, and criminals could sneak malicious software onto a device by modifying update files.
It's vital to be very careful when choosing "smart" devices for the home. Finding out which ones are safe isn't easy; reviewers don't usually pay much attention to security features. The best bet is to be conservative. Don't put devices under remote Internet control just because it seems cool. If it provides a benefit and the risk isn't too great — for instance, a thermostat that you can set before getting out of bed — then look for a model from a reputable maker rather than the cheapest no-name brand.
Read the instruction manual and follow any security recommendations. If it has a password you can change, change it to something that's hard to guess. Don't turn on any remote control options that you don't need. Does it really need to be on Siri? If you use Siri to control your devices, do you really need to let anyone within speaking range command it?
The Internet of Things is still a young technology, and a lot of manufacturers pay more attention to having nifty features than to avoiding risks. When you use those devices, remember that it's a dangerous area and exercise caution.