ESET is a CPG Business Partner and member of the Business Club by CPG – Find out more here
Does every device in your business really need to be connected to the internet? And could your smart appliance be turned against you?
If you try to purchase a new appliance these days, there is a good chance you will be guided toward the most up-to-date, state-of-the-art, smart appliances first. Whether you are in the market for a new dishwasher, fridge or even toaster, the chances are there is an internet-enabled device waiting to target you, but why the increase in IoT (internet of things)? Do we really crave every item in our houses and places of work to be smart, or do these companies have something a little more sinister up their sleeves where they actually just make things smart in order to learn more about us?
READ ALSO: On course for a good hacking
From the toothbrush that sends you a notification in the form of a graph of how well you brushed your teeth in the morning to the smart fork that senses if it thinks you’re eating too fast (I really am not making this up), we might just be walking into a future of IP-connected mayhem. IoT has boomed in the last decade and while I love a good gadget with a truly smart capability, where should we draw the line?
Some devices are arguably being produced with internet capability just for the sake of it. With more and more smart products coming to market as standard, what if I really don’t want an internet-connected washing machine? Does it make my life easier? And what about the security implications of having all these extra IP addresses in the home? Let’s not forget the saying that the ‘S’ in ‘IoT’ stands for security!
Data collectors
I was recently in the market for a new dishwasher and after lots of research, I found one that came highly reviewed and recommended. It happened to come with smart functionality by default and an app to download for all your smart home needs – apparently. I found a statement in marketing material about IoT dishwashers suggesting that you can take advantage of knowing ‘how long until the wash is done’, though I don’t see that as much of an issue when I’m out and about. I’m not sure about you, but this usually isn’t on my mind when I go out for a walk; then again, I guess they are catering for all people.
Such smart appliances are often around the same price as their equivalent non-smart model now too. Now I know I didn’t really need my dishwasher to be smart, but it was the same price and the techie inside me actually wanted to know its capabilities or to see if it could improve my life somewhat, so I carried on with the purchase and installed the app.
While setting up the app on my iPhone, I noticed a lot of data was being collected and linked to me, including my location, user content and contact info plus other identifiers. I went through all the settings and discovered a lack of two-factor authentication too, but this is typical with a lot of IoT.
Once I’d connected the app to the dishwasher, I wanted to see what type of connectivity I could take advantage of. I played around with the app for a bit and learned what was on offer. I opened the door to load the dishwasher, but I was soon interrupted as I had been sent a notification. I checked my phone and realized that I had been notified that the door had been opened…. I know! I opened it!
I quickly turned this notification off, but I soon found the app was not all that intuitive and in fact quite cumbersome. Later that evening and although I could have turned it on remotely, I was standing right next to it as I had just placed the last plate in; although I had my tablet with me, it was far quicker to turn it on physically, and like the reviews said, the dishwasher was refreshingly quiet when it started.
However, two hours later, it all changed in the house. I was standing next to my new appliance when the door began to open on its own accord as if it was possessed and was coming after me! Had my dishwasher been hacked and was now riddled with malware being remotely operated in order to kill me?! As the steam rose from the glistening plates, I soon realized that it was in fact the automatic door-opening feature that had sprung into action to improve the “drying performance”.
Ok, I overreacted a little, but this strange new spaceship-like feature caught me off guard and made me jump in the process. However, what this ordeal made me question was whether appliances and other gadgets really need to be smart? In this case, I am certain that the app was not, in fact, making my life more streamlined, so I deleted the app and made a conscious effort to stand clear of the door near the end of a cycle.
My hypothesis is that companies are in desperate need of our data. Cars have been sending a wealth of information back to their manufacturers for many years now and they are often the first to tell you that you have gone over the 10,000 miles threshold and now require service. This is now the norm for other gadgets around the home and we are seemingly willingly accepting this.
However, this information could be used against us if it were to get into the wrong hands. Malicious actors are constantly attacking websites looking for data and unfortunately some personal data inevitably still gets compromised and ends up on the dark web. Theoretically, threat actors could gain access to this live data in the cloud and even learn our daily habits, which could include when we have vacated the premises.
Although I am not aware of any data leaks involving smart household appliances, it is worth noting that these devices suck up a lot of personal data and store it in the cloud for multiple purposes – with, in my personal opinion, very little of this trade-off actually helping the products. This data trove can be seen as currency to some stakeholders and could be targeted so we must limit the amount of data we release in the first place.
If your device has to be internet enabled to function, consider reducing the amount of data you hand over to the developers of smart products. Furthermore, use unique passwords or passphrases, enable two-factor authentication where possible, and keep your devices updated to steer clear of as many vulnerabilities as possible.
Just consider this: If a malicious actor were to hold my dishwasher to ransom, there is a good chance they would get my money as I really hate washing up that much. So, until smart dishwasher apps come with being able to load the dishwasher, put the dishes in and unload it after a wash as standard, I think I’ll stick to traditional appliance usage in the kitchen for now.