As we wind up Black Friday, it is now time to move on to the official Christmas shopping season. More than likely, most people will want some cool tech gadget, or even some kind of gaming app. In other words, something that has to do with electronics, digital assets, and Internet connectivity. With this in mind, it is the Internet of Things (IoT) which has started to make its debut in 2018.
This has not been so much from a product gala standpoint; but rather, much more from the Cyber security point of view. In short, the IoT is where we are all connected to the objects that matter to us both in the physical and the virtual world.
The basic crux of this is to make our lives easier and automated. But with all of this connectivity, therein lies one problem: the attack surface for a Cyber hacker has increased that much more with all of these connections.
Because of the newness of the IoT, not too much thought has been given to this Security aspect. It’s easy to point blame at others; but this is not deserved, as nobody really understands what all of this connectivity means to society as a whole.
In fact, it is expected that 2019 could very well be the year of the IoT, and all of the Security difficulties that come along with it.
But believe it or not, and much to my surprise, IoT related gadgets are amongst some of the hot items to give as gifts this Christmas. For example, the list includes the following:
*The Nintendo Switch gaming console;
*The latest Roku streaming box;
Because of the lack of Security standards and best practices surrounding this plethora of IoT devices, Cyber security professionals from all over are now offering their advice as to how you, the consumer, can protect yourself from all of this connectivity.
Here is a sampling of some of this, and believe it or not, it is just plain simple advice which can carry you a long way:
*Launch into the Google Search engine. Type in the name of the tech gadget that you want to purchase, and just after, add some key words like “hack”, “vulnerability”, or even “security”. If you see a thread of negative reviews or any mention of its lack of Security, then simply do not purchase it.
*Be very careful of Smart watches and Fitbits, especially those that have been created for young children. Some of them can secretly track their GPS coordinates, privately listen in on their conversations, and even collect other forms of PII (Personally Identifiable Information).
*If you are intent on downloading a Mobile App, create a brand-new account on the Apple Store or Google Play with a phony Email address. When creating a new password, the creator of the Mobile App should display a “Password Strength” dialog box just to see how strong your password really is. If this is not the case, then it is evident that the creators of the Mobile App really do not care about Security, so it is in your best interest not to even download that particular Mobile App at all.
But Mozilla has taken IoT Security even a step further so that consumers can understand it better. For example, they have created and implemented an “Emoji-based Creepiness Scale” for 70 of the most popular IoT products, along with more in-depth Security information on each. All of this can be found at this link:
The range of Security goes all the way from “Super Creepy” to the “Happy Emoji”. Of course, if a product is deemed to have a good layer of Security to it (such as parental controls), then it will be awarded the latter. So, what are the criteria for getting a “Happy Emoji”? Here they are:
*The product must incorporate some layer of Encryption into it;
*It must have a feature to get automatic Security updates;
*It must have been either Pen Tested or subject to a Bug Bounty Program;
*It must make use of a Password Manager.
Even QVC has gone as far as to create a brand-new video that spoofs its own channel to show the dangers of all of the connectivity that is related to the IoT. That video can be found at this link:
My thoughts on all of this?
Actually, I think what Mozilla has come up with is really clever, and perhaps it is even something that the Cyber security industry as a whole should adopt. As an American society, let’s face it, we still do not heed all of the warnings that are given to us.
Perhaps this is just information overload? Perhaps having something as silly as a frowny face or a happy face may be all that it takes to get people to start actually thinking about the Security in the world that they live in.
Perhaps this should not be done on an everyday basis, as we want people to take this stuff seriously. But this would definitely be a great feature to have for times like this, when people’s guards are down, and the Cyber attacker takes complete advantage of this.
It is also highly anticipated that 2019 could be the year when more Federal Legislation will be passed on IoT Security. The first law of this type was just recently passed in California, and will take effect in January of 2020.
The law has been severely criticized as being too vague, but it at least has one feature that is plausible: It requires the vendors of IoT products “. . . to generate a new means of authentication before access is granted to the device for the first time.”
In other words, don’t just rely upon the Vendor supplied password . . . you need to create your own.