Risky Business
Nothing in life is perfectly safe. The convenience of owning a car comes with the risk of a car accident. Understandably, the internet is the exact same way, though it has been marketed as if this is not the case. For instance, IoT (Internet of Things) devices are devices that are not a computer or cellphone but have internet capabilities. This includes pretty much, any smart device such as a TV, Thermostat, or those fancy refridgerators with the built in tablet on the door. An internet capable thermostat provides the convenience of modifying the temperature of your home without physically touching the thermostat, which is so UNDENIABLY useful that it would be ridiculous to tell someone not to use them.
Are You Telling Me Not to Use My Appliances?
Absolutely not! In fact I am extremely passionate about something that I call… user friendly security - as secure as possible without significant lifestyle and preference modifications.
The objective here is just to inform you of how hackers take advantage of convenience so you can make educated decisions about WHICH IoT devices should be allowed on your home network. Internet security in my opinion is quite like an investment portfolio. I believe each person should understand the risks associated with your internet lifestyle and determine which short term and long term risks you are willing to take in exchange for convenience, entertainment, or time.
So How is My Appliance Dangerous?
In most cases, it’s not dangerous by default. This is where brand and company reputation matters. For instance, personally, I wouldn’t purchase light bulbs that connect to my wifi from a brand on TikTok that I’ve never heard of. These devices could have backdoors (hacks) built in to spy or do other weird things without being detected once you connect them to your WiFi. Most people may think it is harmless because it’s just a lightbulb, but that lightbulb functions by communicating with software that you can’t necessarily validate. If I wanted to introduce a system like this into my home, I would be much more comfortable with a known brand such as Phillips or Samsung, however these don’t come without flaws.
Why Aren’t Trusted Brands “Safe”
It’s simple actually. These companies with reputations aren’t intentionally creating products that are meant to take advantage of your internet security, but math will always be math. For a company like Samsung, a smart lightbulb probably doesn’t make an impact on the year end balance sheet for a few reasons: 1. Lightbulbs are cheap, 2. LED Lightbulbs are not a recurring purchase for most customers as they last a long time, 3. Introducing software to a product cuts into profit margins which probably makes the lightbulbs unprofitable. This means that the lightbulbs only exist to grow the brand (marketing), sell your data (we’ll discuss this more in another journal later), or introduce you into their product suite so you purchase some of their higher ticket items. This means that the software support for the lightbulbs will be minimum and barely work because they cannot afford to pay 10 or more engineers making 6 figures to exclusively work on lightbulb software. Unfortunately, this is true of many IoT devices, because the “smart” branding/promise gets customers to make the purchase. Companies don’t actually always want to make “smart” items, they just know it is a powerful word for selling products. However, making and updating software cuts into the profit unless they launch a successful subscription service to use the software. Again, they just want to sell the product, funding a software for your convenience post-purchase is a loss for them as you paid for the product and not the cost of the software.
We’ve all been victim to this system and now you understand how it works.
How Do Hackers Exploit This
This is simple too. Essentially, nothing stays the same on the internet. New vulnerabilities and security attacks are discovered daily and new devices are created daily. As new cell phones, computers and other devices are created, software has to be rewritten to run and operate correctly on these devices. It takes a full time development and security team to ensure any software product is as safe as possible and these devices don’t usually make enough money to support that effort longterm. This means that somewhere down the line a hacker realizes there is a security hole in the software that has not been fixed and they take advantage of it. While the software from your refridgerator may not be used by the hacker to do malicious things, getting access to that device can help them get access to other devices on the network that may be more important.
Should I Be Afraid?
Not really. As always just be informed and use the information to make decisions. If you need convenience, be wary of cheap products from unknown companies. Go with a more trusted brand and understand that even those come with risks as well. From there it is up to you to determine if you will take the risk based on how likely you think it is as well as how much of an impact the risk would have on you and your family.
Finally, and most importantly, always do the security updates as soon as possible, as those will help to lower the risk.