In November of 2016, Amazon Echo (“Alexa”) became a potential witness to a murder.
The incident backlit privacy concerns – are our smart devices always on, even when we haven’t “woken them up”? Are they recording data without our knowledge or permission? (According to smart home manufacturers, the answer is no. However, individuals still come to their own conclusions about these devices.)
Now, U.S. senators are turning the spotlight to Internet of Things security concerns.
What’s the Internet of Things Security Level?
Currently, low. IoT devices are still quite young; manufacturers, law makers, and users are trying to find a balance between privacy, security, and performance.
Smart devices can be hacked. It makes sense – anything hooked up to the Internet is a potential hacking opportunity.
The big issue right now? Manufacturers of IoT devices do not currently have to conform to industry security standards. These standards govern older technology like smartphones and laptops, ensuring they are patchable to keep up with new security threats. Alexa is more vulnerable than you might expect.
Why doesn’t the IoT conform to these standards already?
The IoT is a new frontier. Ten years ago, nobody thought coffee makers would need antivirus protection. Invention is the first step in technological advancement – safety evaluations tend to come after, especially for marketable consumer products.
There are an infinite number of potential threats in any product, and many vulnerabilities aren’t discovered until users interact with the products. It’s easier (and more affordable) to react to confirmed threats.
By 2020, researchers estimate 20-30 billion devices will be connected to the IoT. We have a long ways to go before all of them are secure.
What’s the deal with the new legislation?
The bill is still in its very early stages. Senators are meeting to hash out the details this week. In short, they want to stop manufacturers from supplying devices that:
- Have passwords that can’t be changed – this is the simplest way to bump up Internet security
- Have known security vulnerabilities
While this will help security in the short-term, we can surely expect to see new devices and creative threats create a need for new standards in the future.
In the meantime, be smart with your smart devices. Users have more control over device security than you think – here’s one way to protect yourself online.