The Internet of Things (IoT) after Snowden

What the Internet-of-Things means to your business' security.

Author: F-Secure Business Security Insider
Date: 18.03.2015
Read Time: 5 Minutes

While the Internet of Things (IoT) and smart homes could make our lives at home easier, more comfortable and perhaps even more fun for years, the business side of things can be a very different matter. The potential is limitless, but like any new technology that requires intimacy with our personal lives, privacy is a huge concern.

For older people or people with disabilities, IoT could be a real life changer. The elderly may remain on their own in their homes longer as breakthroughs in voice and speech recognition technology offer the sorts of assistance only offered today in nursing homes. In the work environment, where privacy and sensitive data is a big concern, clear rules of what smart devices (speech, voice and of course pictures) can pick up, need to be established.

Business owners and creative artists alike have been taping their integrated cameras onto notebooks and mobile devices for a while and have even disabled the microphones in their notebooks. But with the IoT, everything is listening to your voice, your speeches and your meetings. This needs to be a focus of IT units everywhere when choosing the right software in companies – no matter the size. Nowadays, it may just be Smart TVs (which are common in meeting rooms everywhere) but we are at the onset of the Internet of Things, so we may as well start discussing privacy and data security before we are halfway through the race – at work, mobile on the go, or wherever data needs protection. We need to keep control of our data on the IoT, no matter what: on mobile devices, when searching on Google (also when using text to speech), or at work in conference rooms or office spaces.

When even one of the largest hardware manufacturers, Samsung, made the news, it showed that we need to take privacy very seriously: ‘Samsung is warning customers about discussing personal information in front of their smart television set,’ the BBC reported.

This isn’t actually news. Our MikkoHypponen tweeted about this issue last year on Halloween:

…please be aware that anything spoken near your Smart TV will be recorded and transmitted to a third party…

— MikkoHypponen (@mikko) October 31, 2014

The tweet linked to a post from Michael Price from The Brennan Center who wrote about his new Smart TV, ‘You may not be watching, but the telescreen is listening.’ While Mikko’s tweet was re-tweeted several hundred times, it didn’t make the news and was largely ignored by business owners worldwide.

What did make the news was Shane Harris’ post in the Daily Beast, which brought attention to this line from Samsung’s Privacy Policy, ‘Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.’

EFF activist, Parker Higgins, noted that this reminded him of the technology in a very famous book:

Left: Samsung Smart TV privacy policy, warning users not to discuss personal info in front of their TV Right: 1984

— Parker Higgins (@xor) February 8, 2015

And the list of third-parties Samsung could share your data with includes their affiliates, anyone who does business with them and — of course — law enforcement . As Mikko has said, ‘Orwell was an optimist.’

The prospect of the exact methods of surveillance of 1984 being employed to share our private conversations with a third-party justifiably raises suspicions. Even if you, as a business owner or employee, think that this might only be a problem in your home or when you are outside of the office, that is not the case. Hackers who copy your ideas can become a very real threat. This means that you have to lock out the outside world from your IoT devices as much as you do with everything else. You are using firewalls, and now it is time to think about which devices could listen to what conversations and how you can gain control back with the right software. Our Security Advisor, Sean Sullivan, pointed out that the future of Google’s Chrome browser is ‘always-listening’. Enabling voice searches plus a ‘few’ seconds more could feel pretty creepy, too.

Some say these suspicions are overblown. ‘The suggestion that Samsung Smart TVs are “always listening” is a misnomer, and at the core of all the scuttlebutt’ Digital Trends‘ Caleb Denison wrote. He adds, ‘The information, Samsung assures us, is encrypted in transit and doesn’t get stored.’

The truth is that many of us want our devices to listen and react to us. Voice-activated technology and recognition has been a staple of science-fiction and futurism for decades. We just never realized it would be coming about in a post-Snowden world.

Mikko often notes that we’re more honest with search engines like Google than we are with our families. Yet, our computers and our smartphones are new technologies that have developed right in front of our faces. We remember what life was like when they didn’t connect, and the thrill we felt when dial-up became broadband and when connecting to the world became second nature. And then came the mobile use of this technology…

The innovations of IoT will be thrilling, but they’ll also present new questions about you and your digital footprint.

At F-Secure we take security and privacy very seriously. After all, that is our raison d’etre.

We have a team in place whose job is to make sure that people can truly enjoy the benefits of IoT without being worried about someone hacking into your refrigerator or without being worried about being spied by an Internet connected coffee maker.

What do you think? Are you evaluating which devices could be listening to your meetings or calls? Do you think about what hackers could be doing with all your sensitive data at work or while you are on the road on your mobile device?

Post Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s