Can the “internet of things” be used to spy on us?

There is no more “if” or “can”, today there is one and only answer: “yes”. Yes, your IoT devices collect information about what you do in and outside of our homes, yes, it’s sending it to the cloud, yes, and this information could be used against you, no, it’s not paranoia, it’s a reality.

We all have at least one connected smart device. We can’t live without our smart TV’s, smartphones, smartwatches, smart glasses, smart fridges, smart furniture, smart cars, smart security systems, and many others “smart’s” that aim to make our life easier and better. And at this point, we are actually personally transferring private information into the hands of those who can use it against us and we cannot even guess about it.

How would you feel if some hacker across the country knew what brand of milk that you buy or if you’re really being faithful to your diet? Probably, I wouldn't worry much, but what if that hacker was also a thief and he used your fridge to gain access to your entire phone? This actually happens a while by the way. After he gets access to all your apps, online passwords, accounts, he’s enjoying your bank account and you have no way to regain your privacy. He can even commit a crime from your hacked devices.

Another example: think about your Smart car. It collects and sends to the cloud information about the speed, driving time, even number of passengers. It knows where you are usually driving, where you live, how long you stand in traffic and many others, at first glance, insignificant things. Doesn’t it scare you, just a little? And now think that someone with malicious intent has taken over the data from the cloud and knows that you, for example, go to the billiards club every Friday and you are not at home until 11 pm. It’s a great possibility for a thief, don’t you think?

Or another instance, after a game of pool, you and your friends went to a bar and drank a little, not a big deal, it’s Friday and everyone wants to relax, but you have a Smart bracelet on your arm and it automatically sends data on the amount of alcohol in the blood to the cloud. You got home safely, you were not robbed, everything is fine, but suddenly the police are knocking on your door and saying that you were driving while intoxicated and you are thinking: “How do they know?” 

Similar examples can be made about a smart refrigerator that knows what you eat, a smart TV with a camera and a microphone, a smart heating system that can be hacked and much more. Just imagine, according to Cisco Systems, by 2020 there will be 50 billion connected devices worldwide. I’m not trying to scare you or convince you not to use the IoT devices but make you realize, as connected devices become more common, you’ll need to consider potential vulnerabilities.

When you buy Internet of Things devices like a light bulb or thermostat or a baby monitor you think that this object is yours and whatever you do with it is ours, but here’s a thinking error. The data that we think is private is internationally sold by companies that were hacked by thief’s and that information we thought was private is now public or available on the dark web.

Today there is no regulation of almost any customer devices or the data that they collect, currently, companies don’t have to tell us what data they collected, who they are selling it to or what third-party companies they are sharing our information with. Most companies won’t take sufficient measures to protect us as consumers unless they know they’re going to lose money or credibility.

So, what can you do? Now, at home? There are some tips that may save you a little better than you’re safe now:

1. Update your device’s with complex passwords;
2. When you’re using free Wi-Fi in public make sure that it’s password protected and that you’re connected to the correct network. If you accidentally lock to the fake network a thief can see and record everything that you’re doing;
3. Read reviews before buying a new device or downloading apps and when an app software ask you to update do it immediately;
4. Avoiding linking accounts and devices;
5. Purchase identity theft coverage.
6. 
   

In the future, we’re going to interact with many IoT devices and we can't avoid it. These IoT devices are going to collect a lot of information about you. This information can be used to provide you better services, but on the other hand, this information is going to be leaked to an adversary and he will be able to use it to learn many things about us and compromise our privacy.

It’s mandatory that whoever is managing these services will make sure that it’s using the best security technologies to protect our privacy from any potential violation, but we must also take care of ourselves on our own.