Can Your Coffee Maker Be Hacked? Cybersecurity Issues and the Growing Internet of Things
By: Lewis Brisbois' Data Privacy & Cybersecurity Team
Internet of Things (IoT) devices have flooded the lives of consumers over the past few years, with the global IoT market valued at $384.7 billion in 2021, according to a March 2022 report from Fortune Business Insights. "Smart" technology has become a standard feature on most consumer products, from smartwatches and lightbulbs to dishwashers and toasters. IoT devices are also common to see—or not see—while simply walking down the street. There are smart trashcans that alert city sanitation workers when they are full and even sensors on streetlights that listen for and detect gunshots. With a growing number of devices being connected to the internet, it is increasingly important that the public be sufficiently educated on the risks that accompany IoT devices.
What is an IoT Device?
An IoT device is any type of physical object—not including computers—that has the ability to connect wirelessly to a network and transmit data. This can include anything from children's toys, guns, or even medical devices. IoT devices are usually marketed as a way to make life more efficient by controlling everything from one place, such as your smartphone. It gives users the ability to preheat the oven, turn on lights in or outside the home, and toss the dog a treat from a pet camera before even starting the drive home from work. But connecting so many types of non-traditional devices to the internet opens the door to brand new security complications since the core function of an IoT device is not internet connectivity. That smart coffee maker on your counter was not designed for security—it was designed to make coffee.
How Can IoT Devices Be Dangerous?
The desire to be efficient and a willingness to connect just about anything to the internet can cloud our ability to fully recognize and understand the risks that accompany hyperconnectivity. While most security features are built in during the design process, it is important that consumers are aware of these risks and take the appropriate steps to secure their devices or maybe think twice before adding more gadgets to their home networks. Setting up a new device is a critically important time for a user to ensure the device’s security, as IoT devices can sometimes be attacked within minutes of connecting to the internet.
Compromising an IoT device allows a threat actor unfettered access to any other devices connected to the same network, including smartphones, company computers, or home security systems. In 2015, Vtech experienced a hack that resulted in the theft of more than 4.8 million customer records, including over 227,000 records pertaining to children. In 2021, Silicon Valley-based security company Verkada was targeted by a group of hackers who gained access to more than 150,000 of Verkada's surveillance cameras. The hackers were able to both gain control over the cameras and view live feeds from psychiatric hospitals, gyms, prisons, schools, and police stations, exposing the potentially sensitive information of thousands of individuals. In just the first six months of 2021, IoT devices experienced more than 1.5 billion attacks. With many employers still seeing so many people working from home as a result of the COVID-19 pandemic, the security—or lack thereof—of IoT devices could end up costing employers as well. As long as the number of devices connected to the Internet continues to rise, so will the number of potential bad actors attempting to gain access to them.
IoT Best Practices
While the risks associated with IoT devices are unlikely to make them any less popular, there are several ways that consumers can help keep their devices secure:
- Timely updates: It is important to keep devices up to date with the latest software versions, as this is how manufacturers prevent threats.
- Encryption: Most IoT devices are not going to encrypt the data they contain, leaving users vulnerable to threat actors. While encryption may not be a fool-proof fix, it will help keep sensitive information safer.
- Authentication tools: Users should take advantage of multi-factor authentication (MFA) tools, such as multi-factor or token authentication, as an added layer of security.
- Purge old devices: Unlike that pair of shoes that have been buried in your closet for months, forgotten IoT devices pose a threat to your network security. It is important to disable devices that are no longer use to minimize possible entry points for threat actors.
For more information on this topic, contact the author of this blog post or visit our Data Privacy & Cybersecurity Practice page to find an attorney in your area. You can also subscribe to this blog to receive email alerts when new posts go up.