Mobile Security
Are Hackers Reading Your Heart Rate?

Are Hackers Reading Your Heart Rate?

Like GearBrain on Facebook

Consumers are getting smarter about their IoT devices. They want them to link to each other, while still staying secure and keeping their personal information private.

Think you're safe using your smartphone to lock up the house? Maybe not. Curious who else has access to personal data like your sleep schedule, or medical details? The three biggest trends impacting consumer, gaming, home and office tools that make up the Internet of Things (IoT) are security, privacy and the ability for these devices to work together. Consumers want to know how these issues impact them — and that brands are paying attention to their concerns.

IoT: As Secure As You Think?

As smartphones and websites start to manage IoT devices, security issues are cropping up quickly. In the past, devices linked to each other through intranets — or away from Internet connections. Access from the outside was rare, certainly not easily attained and “air gapped," says Jerry Irvine, chief information officer for the Chicago-based Prescient Solutions, an IT support firm. “That provided security."

But these days IoT devices are increasingly controlled by mobile devices and websites opening them up to the Internet and therefore an entire universe of attackers. While that makes it easier for consumers to access everything from their email via a watch, or their home locking system from a smartphone, it's also easier for hackers to access those areas as well.

“From a convenience factor it's wonderful," says Irvine, who is also a member of the U.S. Chamber of Commerce's Cyber Leadership Council “From a security factor it's scary as heck."

McAfee Labs, a cybersecurity research group, agrees. In its report, “2016 Threats Predictions Intel Security: A Five-Year Look Ahead," notes that the increasing use of smartphone and tablets by consumers makes these devices a growing target, one hackers will “aggressively" target for the next five years — particularly to mine data they store, or even data that is shared with them, McAfee Labs writes.

Yet the growing use of mobile devices has also led to new advances, designed for these tools, notably biometric options like fingerprints. The iPhone's Touch ID is just one example. Iris scanning, already well-adopted at the corporate level, is also being considered for devices such as smartphones.

“My mobile devices now have biometrics on them," says Tony Anscombe, security evangelist for the Amsterdam, Netherlands-based online security company AVG Technologies.

Do Your Devices Play Well With Each Other?

Manufacturers are also increasingly looking at the way devices interact with each other because the failure of IoT devices to communicate with each other seamlessly, is inhibiting security and innovation, experts say. But the day when all devices speak the same language is anywhere from five to ten years away.

“That's the biggest problem of IoT — it's an I-o-mess," says Oliver Ratzesberger, president of Teradata Labs, the innovation engine of Teradata, an international computer company that sells analytic data platforms, marketing applications and related services. “It makes it very difficult to…simply drop a box in a home and say this is now a connected home."

As many as five different standards organizations are now suggesting more secure communication protocols, which would provide higher levels of integration between devices and the security solutions that manage them, Irvine says.

Still, Tim Erlin, director of IT security and risk strategy for Tripwire, a Portland, Oregon security software seller, says the inability, at this stage of the IoT market's development, for some 20 billion consumer IoT devices to communicate with each other is normal.

“We're likely to see competing standards, followed by an emerging leader," says Erlin.

Individual industry product types will be the first to adhere to a common language, says says AVG's Anscombe. For example, medical devices already use a common programming language, as does wireless audio equipment. Eventually all IoT devices will have to conform to an overall standard established by a non-governmental body like the Institute of Electronics and Electronic Engineers or IEEE Computer Society, he says.

“Industries will be driven to communicate with other devices that are similar to theirs," AVG's Anscombe says. “Otherwise people aren't going to buy them."

You Read Your Emails. Hackers May Be Too

Privacy worries continue too. Yet experts say consumers will have to be the ones who push for greater IoT data privacy. That will only happen if, or when, the public finally sees what's being down with their information.

“Users need to step back and think 'If I can see this, if I can use this from my phone, other people can see it, too. And 'Do I really need that and if I do need that how do I secure it?'" says Prescient Solutions' Irvine.

The wake up moment for AVG's Anscombe followed the South Napa, CA earthquake, as he read fitness tracker Jawbone's blog in the early morning following the August 2014 quake, he says.

Using data from users of Jawbone UP, an IoT device used to track sleep, the company was able to graph the number of users woken up by the trembler, how long they stayed up, and now far they were from the epicenter.

“As you read it you think 'Wow.' he says. “But then, as you read it, you think: 'Hang on a minute. So, they were collecting all of the data of all the people who were sleeping in real time. And actually, using that, aggregating that, they start to come up with some really interesting insights. While those insights are super interesting what's happening to the rest of my data when I purchase a device of that type? Was I fully aware that I was sharing that data? How I was sharing it? Who I was sharing it with?"

Companies need to step up and make it clearer what they are collecting, he says. A much clearer agreement policy between consumers and device makers would be a good place to start, he believes. But consumers, too, need to step up and take note of what's being collected about them, and understand the value of their data, he says.

Eventually, simplified and explicit disclosure agreements written in plain language, like AVG's one-page privacy page will prevail, he says.

“I think there is a trend to go towards more openness," he says. “If consumers start demanding more disclosure then we, industry, will step up and give it."

Like GearBrain on Facebook
The Conversation (0)

GearBrain Compatibility Find Engine

A pioneering recommendation platform where you can research, discover, buy, and learn how to connect and optimize smart devices.

Join our community! Ask and answer questions about smart devices and save yours in My Gear.

Top Stories

Weekly Deals