Giving up the last stronghold: the IoT, ransomware and your home
In an ever-connected world filled with public CCTV cameras, cellphone videos, and satellites that can peer into your backyard, the home is quite possibly the last bastion of privacy.
It’s the only place that a person can truly relax and be themselves — but that sovereignty over privacy is fast becoming extinct. George Orwell’s classic, 1984, while rooted in fiction, foretold the loss of such basic human rights.
The main character of the novel, Winston Smith, lives in a flat in the Victory Mansions living complex. His room is bland, with one defining characteristic: a TV that can never be turned off, only dimmed. This television not only enables him to view the outside world, but it also allows the outside world (specifically, the government) to peer in. Due to its portrayal of authoritarian and totalitarian control, 1984 and the Orwell name became synonymous with dystopian societies rife with governmental overreach and abuse.
In 2013, the term “Orwellian” was used to describe the massive Internet surveillance program code-named PRISM uncovered by NSA insider Edward Snowden. It was revealed that the US government, in conjunction with private telecommunications companies such as Verizon and Apple, had been monitoring its own citizens’ private call data and other information. Proponents of the program argue that casting the widest net provides a better chance of catching and preventing terrorists from wreaking death and destruction.
Critics, on the other hand, argue that the cost of privacy and freedom is too big a price to pay. Though the program certainly has pros and cons, the precedent that it sets is concerning, to say the least. But it’s not like we have two-way TVs in our homes or anything, right? You’d be surprised.
The Internet of Things and You
One of the bigger key phrases circulating the headlines has been “the Internet of things” (IoT) – and 87% of consumers don’t actually know what the term means. IoT refers to devices that have sensors collecting and transmitting data via the Internet to proprietary servers (i.e. your phone, your Fitbit, your car’s GPS) and even — you guessed it — your television. As time goes on, the list only continues to grow. With Netflix and other services now offering taxing and high-bandwidth-consuming 4K streaming and with smart TVs dropping to affordable prices, it’s pretty clear that the amount of Internet usage in our homes is poised to explode.
One perfect example of the IoT in its all-encompassing glory is the modern smart home, now coming standard with sensors galore for monitoring water and lighting systems, home appliances, and even security systems. These sensors allow you to remotely turn on the lights before you walk into your kitchen, or to turn up the thermostat the minute you get off work so that the house is warm when you pull up in the driveway. While these features offer high convenience and would be extremely welcomed by the average consumer, they exist with one caveat; the IoT’s inherent and fatal flaw is that it is wildly insecure.
Just for a minute, forget the fact that the NSA has no moral qualm against spying on you through your phone and email. Forget even that they probably would have begun using other devices connected to the IoT to monitor civilians had they not been outed. The real culprit that you have to worry about spying on you through your TV is the 15-year-old down the street that knows how to hack your Kinect, or the creepy operator who hijacks your baby monitor and starts talking to your children.
The Internet of Things is so “hilariously broken” that Shodan, an IoT search engine, recently launched a section that allows users to browse vulnerable webcams. Cyber-delinquents are going to have a heyday if somebody doesn’t do anything about the security of the IoT quickly, because as technology continues to advance so does our dependency on this powerful and potentially dangerous commodity.
Major criminals are already starting to reap the benefits of vulnerable consumer data. Between 2005 and the beginning of 2015, cyber thieves stole over half a billion private records, passwords, credit and debit card numbers, banking information, and medical records from companies such as NASDAQ, JP Morgan Chase, Advocate Medical Group, and Adobe. What’s worse is that the supposed pinnacle of security, the US government, isn’t even above reproach when it comes to protecting data.
This was made clear by the 2015 attack on the Office of Personnel Management, which exposed the addresses, health and financial information and other sensitive personal data of more than 21.5 million citizens. Most surprisingly, personal data and banking information aren’t even the biggest concerns when it comes to security breaches and the Internet of Things.
Holding Your Internet-Connected Home Hostage
In late 2015, Joseph Bonavolonta of the FBI’s CYBER and Counterintelligence Program released a statement claiming that the Bureau was happy to aid companies dealing with cyber-security issues, but that they are basically powerless against hacks that involve ransomware such as Cryptolocker and Cryptowall.
Ransomware, for those not in-the-know, is a type of malware that takes control of your computer, locking you out unless you pay the hijacking party a ransom. In the worst cases, these scoundrels will flood your computer with porn pop-ups and even threaten to wipe your hard drive clean if you don’t pay up in time. The most mean-spirited will either hit you again with a subsequent ransom after you’ve already paid the first, or they’ll simply take the money and wipe your hard drive anyway. For some, this isn’t that concerning – many people have backups or keep their sensitive information somewhere other than on their laptop hard drive. But what if a hacker locked you out of your house instead of your computer?
In 2013 Forbes ran a story that detailed author Kashmir Hill’s successful hack of eight smart homes, giving her the ability to control lights, televisions and heat from all the way on the other side of the country. If a savvy hacker were to employ ransomware tactics via the IoT, they could wreak havoc on smart-connected domiciles across the world. Oh, you don’t want your thermostat to drop to 50 degrees when you’re at home and spike up to 80 degrees when you’re at work? Pay the ransom. You want your bedroom lights to stop turning on and off every 10 seconds so that you can finally get some sleep? Pay the ransom. Want us to stop watching you and your family through your in-home security cameras? Pay the ransom. You get the idea.
The Smart Home: Battlefield of the Future?
Perhaps the biggest bombshell that nobody seems to be connecting to the rest of the dots is China’s admission in 2015 that they are actually sponsoring a “martial cyber corp” made up of offensive hacker units. If the future of warfare sees the Internet as its battleground, you better believe that it’ll be no-holds-barred and everything from your cell phone to your smart car to your smart home will be a potential target.
All of these potential security flaws have been known for at least two years, and yet we still have a government that is trying to do away with encryption amidst a host of manufacturers that are releasing vulnerable products trusted to control the very abodes we live in. At the end of the day, however, it comes down to the choices that you, the individual user, make. The pros and cons are yours to weigh.
Is it worth it to be as connected as we are all the time? At what cost does this amazing power come? In the end, you may be giving up the last shreds of your security, your privacy, your home – essentially the last stronghold in a world as connected as ours – but hey! At least you’ll be able to watch “House of Cards” on Netflix.
Andrew Heikkila is a blogger and tech enthusiast from Boise. He enjoys writing about cyber-security and other pertinent issues, and does it all while listening to smooth jazz. You can follow Andy @AndyO_TheHammer on Twitter.