Cybersecurity & An Internet of Things (IoT)
As a cybersecurity professional, I tend to be annoying when I start talking about the things I put in my house. Camera systems? Get ready for a 3 hour discussion of brand trust. Camera Door Bells? Hope you want to hear examples of how companies use facial recognition even without your approval. Echo devices? Let’s talk about the history of always on microphones.
But even after all that, after the back and forth and the tens to hundreds of hours in research and testing, I still have them in my home. I still chose to get an Internet of Things air filter and a video doorbell.
Well to begin with, the Internet of Things (IoT) is not some unique or new thing. The printer you have in the office you can print from any PC to? That’s an IoT device. The Apple TV or Chromecast in your TV? That’s an IoT device.
A short explanation of IoT will often go into networks and sensors and types of connections. These are all valid, but I think, what makes IoT devices special, is they provide novel versions of previously standalone devices. Things that make life easier, by saving time or effort. Or, by providing peace of mind.
A garage door opener that can tell you when it’s open or closed? That’s an IoT device.
A wall switch that lets you turn it off remotely while in another country because you’re worried you left the iron on after a 12-hour flight? Definitely, IoT device.
The printer everyone hates because it constantly disconnects? Let’s not include that, it’s not cool enough (and it’s going to break anyway.)
IoT things all work in very similar ways. They make things easier, and in the same way that networked printers changed the game when they first became available to everyone, IoT devices have made previously incomparably expensive things available to others.
It’s easy to forget that computers and the parts within them were originally made for a single purpose. The backbone of any network previously included multiple devices doing single purpose items. That’s the main thing that’s changed. For most camera systems, you don’t need a full room in your house dedicated to managing all that camera data, because it’s in the cloud or in a tiny box you get when you buy the cameras. Those with Eufy devices will know about “HomeBase” device runs everything for those cameras, and it handles all the networking side on its own. They made them smaller, and smarter, so you don’t need to know how to configure a full network to set one up, it’s all automatic. Just like an All-In-One Printer that lets you connect to it by scanning a QR Code, it’s all included in a cloud or smaller version that handles it for you.
What does this mean?
What it means is that when you buy one of these solutions you’re not just trusting the device they give you, but what they’re doing with that data.
Does it go to the cloud?
If it does, do you want it to?
Do you trust the company is being honest about that?
These are big questions; they require real thought and effort. Some companies, like Ring were early to the market and a lot of people assume that, because they’re used by so many people, they’re probably safe. You should make your own decisions on that.
If there’s so many problems, why do I use IoT devices?
I ran a risk analysis on my home, in conversation with everyone it impacts. Keep in mind, anyone who comes to your house, who is seen by your door cam, will get some insight into the things you consider safe to have at home.
I’ve decided that the ‘cool’ of things outweighs the potential threats, within a certain range. I don’t put cameras in places that make me feel uncomfortable. I don’t buy things from companies that have been found to put unnecessary sensors in their devices. Does your smart TV need a camera? Mine doesn’t. Does my Bluetooth speaker need a microphone? Mine does not. Limiting what data the tool can access and by finding companies you trust, you can create your own system that works for you.
More importantly, thanks to tools like Matter by the Connectivity Standards Alliance, we can see that standards and definitions are coming down the line and being implemented. Many large organizations have already aligned—or are planning to align with the Matter Standard—including Amazon, Apple, Google, LG, Samsung, Ikea, Siemens, & Verizon. Meaning that these devices will work similarly, and can potentially all be controlled by a single app instead of requiring one app per organization.
However, my garage door opener telling me when it’s open and closed and allowing me to open it so that Amazon can put packages inside instead of leaving them on the doorstep? That’s just cool.
Author: Matthew, GRC Analyst & vCISO