There isn’t a square meter of the show floor here at CES that doesn’t have some gadget connected to the internet. Whether tiny robots, your next house lighting controller, or new-fangled drink machine, it’s all connected. And while we’ve worked with multiple IoT manufacturers to help secure their devices once we discover vulnerabilities, the sprawl of potential vulnerable devices here is simply overwhelming.
For example, multiple vendors offer pieces of (or total) house control via audio. While it’s cool to have the house automatically open the curtains when you walk in and tell it to, there’s a potential downside. If someone could capture your voice, it’s easy to envision replay attacks where your house opens the doors, or those same windows so they can see what’s going on inside. This would be invaluable to would-be burglars before they attempt to break in, making sure nobody is home.
This sort of rush to market vibe runs amok here at CES – the idea that your company needs to display the latest thing to capture market share and development capital. Hopefully, security catches up along the way.
It’s easy to imagine things like whole-home ransomware, where rogue actors take over these automation systems, lock you out of them, then try to fleece you for money, and/or drain your bank account tied to a voice-activated ordering platform.
One company has a digital toothbrush that records your brushing patterns and develops trends over time. The dental industry and its insurers might view this granular information as a gold mine for marketing and determining insurance premiums. The question of privacy comes to the fore, as well as GDPR-style personal data conversations, in this case very personal. This, and other medical sensors displayed here walk a fine line, and privacy issues aside, a data leak would be most embarrassing and potentially damaging the victim and IoT provider.
As sensors become more central to the way we live, approach healthcare, and transport ourselves, the attack surface rises exponentially, especially as these sensors interface with the internet. It’s now possible to have digital spies in your house in whole new ways, but would you really know if they were?
There’s a digital treasure trove to be had in your home. At the center of it all is your home router. You know, the one you haven’t upgraded the firmware on (or there’s none available) since you bought it back in the day? Keeping track of this important digital intersection will become increasingly important, re-focusing the digital defense industry on defending your home network, which will become more complex and diverse than the corporate networks of yesteryear.
And while it’s probably not life threatening if one of those underwater robot fish they have here (really) for your low maintenance Koi pond motif goes berzerk, it might still be time to update your router and home security solutions to keep an eye out for rogue machines in your house. After all, you may not know that they’ve been revealing your deepest secrets, or if they soon will.