While the WikiLeaks CIA dump makes for interesting reading about our nation's capability to hack certain connected devices, it does not mean we are all being spied on while waiting for a microwave burrito. However, fanciful headlines do foreshadow privacy and data collection issues as the number of those connected devices (the "Things" in the Internet of Things) grow.
From pacemakers to thermostats to baby monitors to toasters, everyday devices are becoming "smart." Unfortunately, many of these Things and the data they collect are notoriously insecure – many with outdated security and even known flaws – primarily because the flood of these devices has been so new and fast, and the devices are so varied, there are no security standards, and the devices are poorly patched.
These security flaws have not truly been exploited because these devices historically have been too frivolous to attack. That may soon change, because increasingly "smart" devices are gateways to more worthwhile targets, such as their connected networks. In addition, because the types of connected devices are becoming more substantial (such as our cars), the data being collecting is becoming more valuable, precise, and capable of being mined.
Use of "smart" Things is a matter of convenience and lifestyle choice. However, that choice should be guided by whether you think every-Thing in your life really needs to be connected. Does your child really need a connected plush toy that collects her location, sibling's names, voice recordings, birthday and photo? Do other devices really need to send usage data to their manufacturers?
In a welcome security step forward, some companies have started to employ two-factor authentication. For instance, Nest recently rolled out two-factor authentication for its home video cameras, thermostats and smoke alarms. Apple's HomeKit also includes a two-factor authentication option. Although text-based two-factor authentication is not failsafe, it certainly adds an extra layer of protection to account security.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.