News Item: A six-year-old girl in Dallas, Tex. named Brooke Neitzel accidentally orders a dollhouse and a 64-ounce tin of cookies when she asks the Amazon Echo Dot about such items.
And the story doesn’t end there. When a San Diego newscaster reports the story on the air, unsuspecting viewers who are themselves in possession of an Echo find that it too orders them a dollhouse, having overheard the newscaster’s words.
News item: A couple in Portland, Oregon discovers that the Echo records their conversation and forwards the audio file to one of the husband’s employees in Seattle.
News item: NBC News reports that home buyers would do well to be cautious about the previous owners, who through their smartphones can maintain control of everything in the house from security cameras to garage doors.
Such anecdotes are indicative of a far greater concern — that it is becoming more and more difficult to safeguard the Internet of Things (i.e., a network of everyday devices connected to the Internet), upon which attacks increased by some 280 percent in 2017.
It is nonetheless wise to invest in the IoT. A recent survey of 500 IT professionals by SADA Systems showed, in fact, that the IoT was viewed as the second-most promising area for investment in new tech, having been tabbed by 31 percent of the respondents. Only artificial intelligence, which was favored by 38 percent, was seen as having greater investment potential.
That stands to reason given the fact that there are expected to be 26 billion connected devices by 2020, according to the research firm Gartner — and that doesn’t even include PCs, smartphones and tablets. It does include the many other things that comprise the IoT, such as security cameras, DVRs, printers, cars, refrigerators, thermostats, lightbulbs and even wearables.
Spending on IoT items has, in the meantime, grown from $18 billion in 2009 to $1.1 trillion in 2017; it is expected to hit $1.71 trillion by 2019.
The areas that are fertile for investment are many. Start with the companies that make the microchips that power IoT devices — companies like Vishay Intertechnology, Intel and Marvell Technology Group, Ltd. Skyworks, which produces chips for not only the Echo but Hyundai and Cisco home-lighting tech, would be another wise play.
So too would Verizon, which has extended its IoT reach in recent years by acquiring Telogiz and Fleetmatics. That in turn has made Verizon a burgeoning presence in telematics (which links cars and fleets to the net), a market that is expected to draw in $18.4 billion by 2022.
Amazon is an obvious play, given that the Echo accounts for 70 percent of the smart speaker market at present, with the expectation that such devices will add as much as $10 billion to the company’s coffers by 2020.
Hackers have often exploited vulnerabilities in the IoT. In 2013, it was Target, the retail giant, that found itself … well, a target. Cyberattackers, working through stores’ internet-enabled heating, ventilation and air-conditioning systems, managed to access some 40 million credit-card numbers.
Three years later, a former Rutgers University student named Paras Jha pleaded guilty after he and two other men orchestrated a malware attack that reportedly cost the university some $9 million; it was also used to extort other businesses.
Protecting oneself is a matter not only of the consumer acting, but of defenses being constructed on the governmental and developmental levels, as well.
For the government, that report said, it’s a matter of developing protocols in concert with the cybersecurity and intelligence communities, and crafting regulations. But when the Internet of Things Cybersecurity Improvement Act was passed in August 2017 — an act that requires devices be patchable, more secure and enables users to change their default passwords — it was tailored specifically to devices sold to the U.S. government.
Developers, meanwhile, should be required to do such things as audit the devices before they are put on the market, or construct them in such a way as to force the consumer to change the credentials during set-up.
By and large, however, it falls on the consumer to protect him- or herself from attacks. That same report advised that you step back and evaluate which IoT devices you truly need, offering a web-enabled toaster as an example. The more devices you own, the more vulnerable you are.
John McCormack, the CEO of Websense, told pcmag.com that it is important to focus one’s security efforts on the router, for that is the most important piece of equipment when it comes to safeguarding connected devices.
Too many of us, pcmag.com reports, do not bother to change the default password after purchasing a router (something also advised by the Department of Justice). It is no less important to disable guest network access, and take the step of setting up multiple network names (SSIDs) — one, for example, for computers and printers, another for gaming devices and appliances, etc. Trey Ford, global security strategist at Rapid7, told pcmag that that ensures that even if you are hacked, the damage will be limited to a single network, as opposed to all your devices.
Brian Krebs of KrebsonSecurity.com also advised, via phys.org, a change in default credentials. He added that it is important to disable the Universal Plug and Play (UPnP), which can circumvent your firewall, and further believes that IoT devices featuring Peer-to-Peer capabilities should be avoided, citing difficulty in securing such things.
Other Department of Justice tips center on updating firmware when available and taking the simple steps of disconnecting IoT devices when not in use, as that can do such things as erase malware that is stored in memory. Another simple thing is to avoid using public WiFi to check on connected devices.
While these moves are prudent, the one toward investment in the IoT could prove profitable. Security issues aside, it is fertile ground for those who wish to make their money grow.