I've spoken out before against the so-called "Internet of things" in our homes. They hold hidden dangers.He then points out the example of a casino that was hacked via a network-connected thermostat in a fish tank. I know people in the security business ("Penetration Testers", sometimes called "White Hat Hackers" who are hired by companies to test their defenses) - I've heard stories about how they have done precisely this sort of thing. One story from around 20 years ago was how they checked into a casino hotel and went to their room. The mini fridge had an Ethernet connection; they plugged their laptop into the network and found that they were on the main casino IT network. It seems that someone wanted to have electronic sensors reporting when someone took a beer from the fridge for automatic billing.
- Frankly, I don't see any need for a "smart thermostat" that can be adjusted from my smartphone, when that means someone else can hack into it and potentially invade my privacy.
- I think "smart security cameras" that I can operate from my smartphone, anywhere in the country, are an ideal tool for would-be burglars or home invaders, who can monitor them to select the best time to commit their crimes.
- "Smart door locks" are an invitation to hackers to open my doors for themselves - or just leave them open for their amusement.
Now there's the "Internet Of Things" that doesn't seem to have any security at all. Everything is hackable.
So what can you do? The best defense (as is typically the case) is good situational awareness. When you see one of these devices, remind yourself that it almost certainly has no security built into it. Imagine what might happen if you installed it in your house (say, a "smart" door lock that will open for anyone who knows the "open sesame" command). Then ask yourself if the benefits are worth it to you.
For me, the answer is a resounding "no", but you know how nasty and suspicious I am.
But remember that network security is hard, even for people who are highly motivated to have good security. Casinos have had pretty darn good security, in my experience. They know what's at stake. This is why they hire penetration testers, after all. And they still get hacked through some dumb Internet Of Things device.
If it happens to them, with their experience, motivation, and security budget, what do you think will happen to you?
When you find yourself in a store looking at one of these shiny new devices and the hair on the back of your neck starts to stand up, you will know that you understand the situation precisely.