“When you plug into the world, it is easy to forget that the world is also plugged into you,” observed Network Box Managing Director, Michael Gazeley, speaking at Advisen’s Cyber Risks Insights Conference in Singapore.
Delivering the keynote address, “The Vulnerability of Everything,” Gazeley claimed a million new devices are being connected to the Internet every three hours, and they aren’t all laptops, tablets and smartphones. Many others are devices we have not typically associated with the Internet – home appliances, security systems, and automobiles, for example.
Some of these devices perpetually broadcast information about us and, as Gazeley noted, often “you can’t even turn them off.” People frequently, though often unwittingly, give permission for information to be collected, analyzed, and sometimes even sold to others. When you bought a new car, for example, you may not have been paying attention to the fact you also gave the manufacturer permission to remotely collect information on your driving habits and your vehicle’s performance.
Nearly all these Internet-connected devices also are vulnerable to being hacked, providing cyber criminals unprecedented access to details of our private lives and business dealings.
The bad guys often don’t have to work too hard to find this information: Shodan – “the second scariest search engine on the Internet,” according to Gazeley – finds and indexes information on 500 million devices and services. The number one scariest search engine, according to the security expert, catalogs information on children who can be viewed on easily-hacked “nanny cams.”
Nanny cams are just one example of seemingly benign or even benevolent devices that enable hackers to visually spy on their victims. More and more devices are equipped with cameras, and it doesn’t take an overly clever criminal to remotely seize control of one.
Since these cameras typically don’t signal when they are activated, people have no way of knowing when a camera in their laptop monitor, tablet, smartphone, or even their bedroom television is on and recording everything in range.
In the business world, conference room telephones and copy machines are attractive new targets. Criminals can now listen in on and record confidential business meetings, and can gain access to every copied, scanned or faxed document.
In the long run, it probably is a good business practice for companies to more clearly disclose if their products collect and broadcast information to third parties, and how that information is being used. Otherwise, disgruntled consumers will eventually demand privacy laws that may inhibit even the most beneficial collection and use of private information.
Hackers, of course, are another issue altogether. Manufacturers of every device that accesses the Internet can and should be building robust security into their products from the ground up – “security by design.” Not only is it a good business practice, it also can help deflect lawsuits.
Nobody can guarantee a creative and determined hacker won’t be able to defeat even the most secure devices and systems. But the stakes are far too high to not at least build in security measures that, at a minimum, meet standard industry protocols.
Gazeley pointed out a new model television with a built-in camera, which has a factory set username and password that cannot be changed by the owner.
You can be certain that those log-in credentials are now known to hackers everywhere, who perhaps are watching you as you watch your favorite shows.
