Securing your holiday devices

Published 3:00 am Friday, January 4, 2019

By Greg Price

Electronics appear to have stolen the show again as popular holiday gifts. Among the items, home automation and “connected” consumer devices dominated sales. Years ago, a descriptor for the collection of items that we connect to data networks emerged. It’s somewhat debatable who coined the phrase “Internet of Things” (IOT), but many point to Cisco, a stalwart in the networking world. Internet of Things is an attempt to describe our fascination with connecting everything to the internet. More specifically, according to some statistics, there will be over 30 billion things connected to the internet by 2020, increasing to 75 billion by 2025.

Our bodies are connected to the internet via implantable devices, through wearables such as fitness trackers and smart watches. This holiday season, many new and exciting body trackers were revealed at discounted prices. Connecting your refrigerator and CrockPot to the internet became easier as well. After all, why would anyone want to make a shopping list or peak into the CrockPot? That’s so 2000s.

Sign up for our daily email newsletter

Get the latest news sent to your inbox

In the early 1990s, the University of Cambridge introduced the world to the first internet-connected appliance, rather accidentally. They placed a webcam near a coffee maker. The purposes were to save people time and avoid disappointment in finding an empty coffee pot.  The webcam and coffee maker streamed across the web until 2000 or so.

What’s driving the fascination with connecting everything?

Well, beyond the notion of “let’s see if we can do it,” there are a number of business-driven incentives. Over 60 percent of global manufacturers use data collected from connected devices to analyze business processes and identify areas for improvements. For those who have deployed IOT in the business process, the average increase in productivity in the delivery and supply chain is 15 percent. Industrial sensors have skyrocketed in popularity. Billions of connected sensors exist in modern factories and workplaces. The sensors provide accurate, timely data, allowing for repair savings, enhanced energy management and remote administration.

For healthcare, wearables, implanted devices provide a wealth of real-time data. In 2016, around 28 million wearable devices were purchased; by 2020, that number is expected to reach 83 million.

Our homes host the devices as well. SmartTVs, connected appliances, mobile devices, security systems, and a wide-array of digital assistants inhabit our living spaces alongside our families and pets.

Are there concerns? Yes, many.

Privacy is a critical aspect that is often neglected. As we introduce these devices into our lives in more intimate fashions, what are we sacrificing? What are we giving up as we introduce the Internet of Things to our homes?

At the top of my concerns is data management. As the devices collect and send copious amounts of personal and intimate data about our bodies and lives, what happens to the data? Specifically, who owns the data, who curates the data, and who is responsible for adequate safe-handling?

Secondly, as our homes become filled with devices that are connected to billions of other global devices, what is the potential for invasion? Could a home automation system or home digital assistant be compromised? Of course the devices are vulnerable. But with whom do you discuss a possible digital intrusion? Are local authorities adequately staffed and trained to handle a personal attack from within your home through a home automation system from a foreign land? What would such an attack look like?

The last of my large concerns relates to the actual security of the devices themselves. An array of quick-start guides and overly-simplistic setup instructions, most people are unaware of the true power and capabilities of the new generation of personal electronics. As a result, misconfigurations by the consumer and mishandling of security by the manufacturers can lead to tragic consequences for the user.

What should we do? Start with securing the devices. In doing so, you raise your level of awareness to the devices’ features and behaviors and foster an environment that will lessen opportunity for attack or failure.

Secure those new holiday devices. Start by using strong, complex passwords. Passwords are the most common form of authentication and serve often as the only barrier between you and the would-be bad guys. Most products arrive with default passwords enabled. Those defaults are notoriously simple. Change them immediately. Pick strong and complex passwords for each device.

Tailor your security needs based on the device and your needs. Do you need GPS tracking enabled on your toaster? Probably not. Take at look at what devices’ features and disable any that make you uncomfortable or are simply not needed based on how you will use the technology.

Update, update, update. Enable automatic updates for your technology and allow the devices to patch themselves. When a responsible manufacturer becomes aware of a problem, they will issue a patch – let the software fix itself.

Lastly, before connecting a device to the internet, consider if you need the whole world to see the device. If not, don’t connect it to the internet.

Double-check your privacy statements and shore up your security settings. And don’t forget to enjoy those holiday toys.

William Greg Price is the Chief Technology and Security officer for Troy University and the Director of the Alabama Computer Forensics Institute. He currently represents District 2 on the Pike County Board of Education.