Cyber Security in focus: Internet of Things – who is listening?
Sharing information and talking to family is a natural part of your daily communication, but how restricted are you when there is a device that is constantly listening to everything you say?
At Saab, we constantly handle information that is critical to our customers and that is sometimes a matter of national security. During October, the EU’s official cyber security month, we will focus on the increasing cyber security challenges and provide guidance through a series of articles covering different cyber security issues. This is the second article; you can find the first one here.
When you purchase a smart device, you assume that the device comes with the necessary safety measures to protect your information. However, when it comes to IoT (the Internet of Things), it is not unusual for security measures to be given low priority, especially in technically simple products.
“There are applications that are designed to eavesdrop, and will get through Google and Amazon’s screening processes. The applications use silence to eavesdrop. With the aid of simulated silence, a sequence that Google Home and Amazon Alexa tried to translate into speech, the voice assistant kept on listening even after the user thought that it had completed its task,” says Pierre Anderberg, Chief Information Security Officer.
"Even if a compromised smart device does not personally affect you, there is a risk that it could be used in a botnet for DDOS (stress attacks). This is because smart devices, like your refrigerator or baby monitor, don’t have integrated security. A famous case is Mirai, that used smart devices as botnet nodes to close down services such as Netflix, Twitter and Github," Pierre Anderberg adds.
There are two major causes for concern with smart devices:
- They are always listening.
- They can become hubs to which you connect a multitude of different devices, which creates even more vulnerabilities that hackers can exploit.
10 tips for safe use of smart devices
- Keep track of which devices you connect to the smart device. Do not let the smart device connect to security functions in your home, such as the alarm system. You should also disconnect your calendar and/or your address book. In Google Home and similar services, you can choose which functions to integrate in the app’s settings.
- Remove commands. Smart devices usually let you remove old commands. This is a good way to remove sensitive information, so that no one else who accesses, for instance, your Google Home can see what you have been googling or which other commands you have given.
- Be wary about what you are sharing. There is information you do not want your smart device to have: passwords, credit card information or your social security number, for example. Remember that your information can spread simply because someone asks for it.
- Turn off the microphone. Turn off the microphone when you’re not using the device. That way you can make sure it is not eavesdropping.
- Turn off purchases. Use a password or another authentication mechanism, such as fingerprint or Face ID, to make purchasing safer. Don’t use one-click buying.
- Keep an eye on email notifications. If your email notification function is active, you can review the decisions taken by your smart device.
- Turn off personal aids. Your smart device can help you pay bills and deal with other sensitive information. This function carries a risk that your personal information can leak. It is advised to turn off this function.
- Network. Use a WPA2 encrypted Wi-Fi network and do not use an open hotspot at home. Create a separate Wi-Fi network for guests and non-trusted smart devices.
- Activate voice recognition. Voice recognition can improve security, but it should not be fully trusted.
- Enhance your passwords. Use strong passwords and activate two-step authentication to protect your services linked to your smart device!