Hacking IoT devices can also have an emotional side effect
As IoT developers race to deliver the product to the customer, manufacturers often sacrifice security. Piecing together security studies reveals a bleak picture, detailing the serious risks that come with adding connected things to a home network. Damages from attacks launched from the internet of things, however, are not limited to lost privacy or money – they can also damage the psyche, instilling fear in the victim.
With poor security, a smart doorbell can let a thief into a home network, an IP camera could show strangers the residence and its inhabitants, and a connected TV could snoop on someone’s viewing habits or force content on them. These weaknesses can be exploited for a perverse sense of voyeurism, or profit.
Bitdefender Chief Security Researcher Alexandru Balan says regular users don’t worry about their devices getting enrolled in a botnet because this does not affect them directly; but when their personal comfort takes a hit, they decide to do something — usually either getting protection from a security solution or getting rid of the product.
When smart things in the house start acting strange constantly, there is a good chance the average consumer starts to consider “crazy” or “ghosts” as plausible explanations.
“Suppose I start messing with your smart thermostat and turn the heat up and down, what do you do?,” asks Balan. “Let’s say you have smart light bulbs and at 10PM I start switching them on and off, and then dim them to 20%, to 30%; what do you do? You turn off the power in the house and sit in the dark, there is nothing else you can do.”
James Andrew Lewis, Senior Vice President at CSIS research institute in Washington DC, agrees with this theory. Referring to mass attacks on critical devices, he likened repeated IoT hacking to the state of fear and uncertainty generated by the 9/11 events in the US:
“The repeatability of an IoT attack also determines its psychological impact,” Lewis says. “Hacks that appear to be repeatable and unstoppable will create fear and uncertainty, similar to the fear and uncertainty that gripped the United States after 9/11 when it was not clear that the suicide attacks were not the opening rounds of a long campaign of attacks. The ability to cause a plane crash creates terror, but the inability to predict when and how often these incidents will be repeated increase that fear.”
Although the IoT has been a media buzzword for years, advances in securing these devices have been so small that they’re borderline non-existent. Apart from a few major players (Google, Apple, Amazon) raising the standards by simply entering this market, not much has changed. What is worse, most of the times IoT hacking can be done quite easily by individuals with little technical knowledge.
Photo credit: Pixabaycyber-security depression IoT hacking