What is Your Roomba Vacuuming Up?

Facebook, Bluetooth, the iPod, “smart” televisions: innovations in the past few years have transformed the way we live. Nearly two-thirds of Americans own a smartphone. By 2020, it is expected each person worldwide will have more than six connected devices on average.

The “internet of things” is a technological development with an increasing presence in our daily lives. The internet of things refers to the ability of everyday objects to send and receive data and connect to the Internet. If it has an on and off switch, chances are it can be a part of the internet of things. This includes everything from mobile phones, coffee makers, washing machines, thermostats, security systems, entertainment and medical devices, wearable devices such as fitness trackers and almost anything else you can think of.  This also applies to components of machines, such as the jet engine of an airplane or the drill of an oil rig. The analyst firm Gartner predicts within three years there will be more than 26 billion connected devices. And all of these internet-connected devices are able to “talk” to one another.

How Does the Internet of Things Impact Me?

So why would you want so many connected devices talking to each other? One reason may be convenience. For example, your alarm clock wakes up you at 6 a.m. and notifies your coffee maker to start brewing coffee. As you head off to a meeting at work, your car has access to your calendar and knows the best route to take. If the traffic is heavy, your car might send a text to other employees notifying them you will be late. At the office, your office equipment knew it was running low on supplies and automatically re-ordered more. The wearable device you use in the workplace tells you when and where you are most productive and shares that information with other devices.

While the internet of things allows for opportunities and connections to take place, it also opens the door to challenges. Security is a big issue. With billions of devices being connected, what can people do to make sure that their information stays secure? Will someone be able to hack into your toaster and gain access to your entire network? Questions of privacy and data sharing are troublesome. Another issue many companies face is figuring out a way to store, track, analyze and make sense of the vast amounts of data these devices generate.

What Data is Collected?

In this new age of the internet of things, our sensitive data is everywhere. A recent concern involved the iRobot’s robotic vacuum, Roomba, which collect data as they clean. The vacuums identify the locations of your walls and furniture. This helps them avoid crashing into your couch, but it also creates a map of your home iRobot could potentially share. Reuters recently quoted iRobot’s chief executive, Colin Angle, saying a deal could come in the next two years with Amazon or Google in which iRobot could share the maps free with customer consent, not sell them.

The frontier of smart home data and privacy is a sensitive one. In the hands of a company like Amazon, Apple or Google, that data could fuel the increasing number of digital home assistants. The data could also be a windfall for marketers. No chair in your living room? You might see ads for chairs next time you open Facebook.

Information about the size of a home and the amount of furniture could allow advertisers to deduce the owner’s income level. Taken by itself, this data may appear harmless, but combined with data from other devices, it could potentially reveal lots of information about people’s lifestyles and daily patterns – which could lead to greater security threats.

A Hacker’s Dream Come True

In 2016, internet of things security business ForeScout Technologies released a report in which it examined seven common internet of things devices, including smart refrigerators, connected printers and connected security systems. According to ForeScout, the devices could be “hacked in as little as three minutes, but can take days or weeks to remediate.” The hacks could result in the microphones and cameras of devices being hijacked to spy on their users and destroy critical equipment.

We are often our own biggest security enemy. We carry our connected devices, such as mobile phones, eReaders and fitness watches, with us. We take them to busy places, keep them in handbags and backpacks and use them in front of strangers for business and/or personal use. It’s not hard to watch someone type in a device’s pin code or password. And it’s all too easy to memorize a security code and steal the device.

A fitness watch or a smartphone contains private information – name, address, date of birth, credit card information and health information. Your phone often also harbors access to apps including email, business and social media accounts and online banking. We take our data goldmines everywhere and anywhere with little thought about the implications of them getting into the wrong hands. The more details that can be found about a user, the easier and the more sophisticated a targeted identity theft attack can be. If a hacker manages to collect business related data, the hack potentially gets even more lucrative.

Implementing Security Measures

While mobile phone security is slowly catching up (pin protection, remote blocking and deleting of data, fingerprint authentication technology, etc.) other connected devices lag far behind. The increase of effective security hasn’t kept pace with the increase of available “smart objects”. Criminals are usually several steps ahead of the security developments.

There are many routes that you can take to protect your data:

  • Only share the minimum amount of data needed. Know who has access to your data, what it is being used for and what data protection policies are in place. Never select “remember my details”.
  • Use multi-factor authentication that requires a combination of elements to gain access – usually two or more of something you know (a password), something you have (your phone) and something you are (a fingerprint).
  • Use a different password for every device and always change the default password.
  • Purchase smart objects from manufacturers with a track record of providing secure devices – whether it be work laptops, smartphones and thermostats, weather sensors, tracking devices, health monitors and smartwatches or manufacturing machines and connected cars.
  • When updates are available for devices, be sure to complete the updates on a timely basis.
  • If a device comes with a default password or an open Wi-Fi connection, change the password and only allow its operation on a home network with a secured Wi-Fi router.
  • Be informed about the connective capabilities of any medical devices prescribed for at-home use.

There currently is no government body regulating the security of the internet of things.  A number of industry leaders have formed alliances, such as the Fast IDentity Online (FIDO) Alliance. The government has created initiatives, such as the National Scheme for Trusted Identities in Cyberspace, in an attempt to set standards in this area. This underscores the importance of individuals and companies taking precautionary measures to safeguard personally identifiable information.