Smartphones increasingly have the ability to remotely control an entire ecosystem of new devices including cars, thermostats and even blenders, but these Wi-Fi connections need heavy security to protect personal data bouncing between these products, according to a pair of new cybersecurity reports.
The benefits of Wi-Fi connected devices outweigh the risks. These products, however, use simple processors, making them more vulnerable than a standard Internet connection, according to James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies.
Lewis wrote a report, and in an advance copy obtained by U.S. News, he cites how the so-called Internet of Things ecosystem will enable computer hackers to do physical damage through those connected devices. A new generation of cars, for instance, can be hijacked through their Wi-Fi connections. There will be a greater threat to hackers once automated driving features go mainstream.
“Limiting device autonomy or providing a way to override autonomy reduces risk,” the report states. “Internet of Things standards should require a higher degree of human intervention and control for sensitive functions.”
Both devices and the networks that connect them will need to be made more secure, and the government should set higher standards for more advanced gadgets that “create valuable data, perform crucial functions, or can produce mass effect,” the report states. The Federal Trade Commission is debating with the tech industry on how to ensure that privacy and security safeguards are built into new connected devices without stifling innovation.
Indeed, some connected devices transmit data with little to no protection, according to researchers from Princeton University, who recently presented a report during a privacy convention hosted by the FTC.
Princeton Ph.D. student Sarthak Grover and fellow Roya Ensafi stated they were troubled by the lack of security built into numerous connected gadgets including the Belkin WeMo Switch, the Nest Thermostat and Ubi Smart Speaker. Certain devices used some encryption but an unsecured Wi-Fi signal could still reveal a user’s activity on those gadgets, according to the report.
“User interactions with these devices generate traffic signatures that reveal information, such as when power to an outlet has been switched on or off,” according to the report. “It appears that simple traffic features such as traffic volume over time may be sufficient to reveal certain user activities.”
Grover and Englehardt also expressed concern about how tech companies “may use and share the data that they collect, even if they manage to collect it securely.”
Google purchased Nest in 2014, for instance, and hopes to use the smart thermostats as part of a Wi-Fi ecosystem that will pair with voice search to enable people to remotely control numerous electronics in their homes.