How secure is your network of smart devices? It sounds harmless and fuzzy, doesn’t it, the Internet of Things? Advertised as a way to simplify our daily lives, the allure of interconnected smart devices within our homes, that respond effortlessly to our needs at the touch of an icon on our smart phones, is difficult …
It sounds harmless and fuzzy, doesn’t it, the Internet of Things? Advertised as a way to simplify our daily lives, the allure of interconnected smart devices within our homes, that respond effortlessly to our needs at the touch of an icon on our smart phones, is difficult to resist. The threat these emerging digital technologies pose to cyber security and data privacy, though, is very real.
The IoT refers to the interconnected world of smart devices or digital gadgets that are used in households across the world. From smart refrigerators to garage doors to fitness trackers for dogs to the now eponymous smart speakers (Alexa: looking at you!), we are constantly plugging gadgets into the IoT for the sake of convenience. The devices ‘talk’ to each other and constantly transfer data. And as Secure64 Software Corp points out, ‘nearly all of these products were built without security in mind.’ Seemingly harmless smart appliances, like smart fridges, can allow hackers to open up a route to more complex technology, like personal computers, which contain a profusion of sensitive data.
‘It’s about networks, it’s about devices, and it’s about data,’ Caroline Gorski, the head of IoT at Digital Catapult asserts. Despite the convenience and efficiency and effortlessness of a world of interconnected devices that can apparently respond intuitively to users’ needs, it is the potential for the IoT to provide hackers with easy access to user data that is the problem. Furthermore, as these networks expand, protecting the data becomes increasingly difficult. Martin Böker at Samsung (one of the world’s largest providers of smart domestic appliances) admits that: ‘The higher the number of devices that are connected to a network, the greater the vulnerability for being hacked.’
Worryingly, companies who sell smart devices are not great, in general, at disclosing security vulnerabilities in their products. A 2020 IoT Security Foundation report, which looked at the vulnerabilities disclosure practice of 330 companies globally, found that by 2019 only 13.3% had a Vulnerability Disclosure policy. The report states: ‘This is of great concern as vulnerability disclosure is widely considered to be a baseline requirement due to its fundamental importance towards operational IoT security.’ It also notes the irony that a study of ‘smart home security’ products – one of the two biggest product categories, the other being ‘smart lighting’ – found that just 3 out of 37 had an accessible Vulnerabilities Disclosure Policy. Some companies attach conditions to disclosure, and, notably, according to the report, ‘Samsung’s SmartThings operates a non-disclosure scheme.’ This means that even the savviest owners of Samsung smart fridges will never know if their appliance has known vulnerabilities.
As the UK endures a third lockdown as a result of the Covid-19 pandemic, vast numbers of usually office-based employees have shifted again to remote working. In 2020, according to the ONS, almost half (46.6%) of UK workers did some work at home. As Aamir Lakhani, cyber security researcher and practitioner with FortiGuard Labs, says, conventional network boundaries are shifting:
‘With the rise of remote work, IoT, the cloud and other multi-edge environments, the traditional network perimeter is becoming a thing of the past.’
The merging of personal and business environments through remote working means that smart fridges, fitness trackers and such, could become vulnerabilities for big business as well as individual users. ‘Rather than having to penetrate the sophisticated cyber defences of business, criminals can now use IoT’s weakest links: products and appliances with poor security protections or none at all,’ we are told in a Financial Times Special Report.
More disturbing still is potential for terrorists to abuse the power of the IoT on an infrastructural scale. A group of Princeton researchers ‘demonstrate[d] that an Internet of Things (IoT) botnet of high wattage devices–such as air conditioners and heaters–gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid.’ Hackers who target smart devices, with the aim of interrupting the power supply to millions of homes and businesses, could leave whole countries devastated. Fortunately, this remains theoretical for now.
We should all think very carefully about whether or not a domestic appliance or digital gadget needs to be plugged into the IoT. Just because we can doesn’t mean we should. Moreover, it is crucial that consumers are equipped with the knowledge to make an informed choice. In a busy world, though, where convenience and efficiency are at the top of everyone’s wish list in terms of the appliances they choose, connectivity to the IoT is an easy sell. Until consumers become cognisant of the threat to their privacy and the way in which some companies suppress information about the vulnerabilities of their products, nothing much will change. In the meantime, what can savvy consumers do? Secure64 recommends using the DNS (Domain Name System) – an IP address necessary to locate a connected device – to prevent devices from joining bot herds. For the non-technical users out there: change passwords regularly, use password managers to keep on top of them, employ multifactor authentication where available, and keep your antivirus up to date. Oh, and avoid connecting smart gadgets to the IoT needlessly.
Contact us and let DigitalXRAID ensure your business is protected.
 Martin Böker, ‘Connected and Secure: Five Hypotheses about the Internet of Things,’ April 2017,
 … ‘Consumer IoT: Understanding the Contemporary Use of Vulnerability Disclosure – 2020 Progress Report’, https://www.iotsecurityfoundation.org/wp-content/uploads/2020/03/IoTSF-2020-Progress-Report-Consumer-IoT-and-Vulnerability-Disclosure.pdf Date of access: 16/1/21.
 Interviewer: Maria Henriquez, ‘5mins with Aamir Lakhani,’ Security, 15 January 2021, https://www.securitymagazine.com/articles/94362-minutes-with-aamir-lakhani—cybersecurity-trends-in-2021 Date of access: 16/1/21.
 Sarah Murray, ’When Fridges Attack: Why hackers could target the grid,’ Financial Times, 17 October 2018, https://www.ft.com/content/2c17ff5e-4f02-11e8-ac41-759eee1efb74 Date of access: 16/1/21.
 Saleh Soltan, Prateek Mittal, and H. Vincent Poor, ‘BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid,’ https://www.usenix.org/conference/usenixsecurity18/presentation/soltan Date of access: 16/1/21.
Guest Writer Bio
Melanie Bonsey is a part-time PhD student at the University of Sheffield, former English teacher and freelance writer. She has a keen interest in the ways in which emerging digital technologies impact in unexpected ways on daily life. Her academic research focuses on narrative structures, historiographic metafiction, and the fiction-reality interface.
Click below and we’ll send you a quote as soon as possible.
Click below and we’ll send you a quote as soon as possible.