NCSAM – Week 4 – Our Continuously Connected Lives: What’s Your ‘App’-titude?
Week 4: October 24-28, 2016 –Topic: Our Continuously Connected Lives: What’s Your ‘App’-titude?
It’s hard to qualify just how much our world has changed with regards to connectivity. We are watching the “Internet of Things” take shape around us, creating an ever-growing web of devices that supports constant streams of inbound and outbound information. Our thermostats, vehicles, refrigerators, and televisions are just a few of the devices that are commonly shipping with internet connectivity as a standard feature. There are clear benefits to this trend, including ease of use and interoperability between devices. However, it is also critical to consider the risks associated with letting the internet penetrate this deeply into our daily lives.
For every device that communicates over the internet, there is a corresponding hacker who is probing it for vulnerabilities. This means, for the most part, that our internet connected devices are already under attack. This problem is exacerbated by the fact that some internet connected devices rarely, if ever, receive security updates to address identified vulnerabilities. Further, many of these devices are built on insecure platforms from the very beginning to save costs or increase usability. It is not uncommon for seemingly “high-tech” applications or devices to be running legacy software on the backend. This is why it is so crucial to understand which of these devices are internet accessible, and what information they may have access to.
Vulnerable Devices – Smartphones
For example, applications designed to run on smartphones regularly request access to functions which should make any consumer nervous. Why would a calculator app require access to your SMS messages or your address book? Unfortunately, the fact is that applications like these are using your information for advertising and demographic research, or even more malicious purposes, including the sale of your personal information. For example, the recent meteoric rise of the Pokémon Go app has ushered in the creation of several lookalike apps available for download which actually contain very malicious software which would allow the attacker to take control of the user’s phone. For more information on smartphone vulnerabilities, see our previous blog post, The Most Vulnerable – Smartphones.
Third party software is a serious risk related to the Internet of Things, because one can never be sure of the motives of the software designer who created the app. A good practice is to only download software from approved app stores, rather than external websites. However, Google’s Play Store and Apple’s App Store simply cannot identify all malicious applications before they are made available for download. At the end of the day, it falls on the user to decide whether or not the application can be considered secure. If the app is requesting access to your personal information, and you can’t figure out why, there should be an immediate red flag.
We cannot hope to prevent the coming of this new interconnected digital age, but it is possible to take steps to prevent your devices from putting you at risk. Understand where your information is stored, and control which devices and applications can access it. Restrict downloaded content to those applications that can be verified secure. Finally, ensure that all internet connected devices are regularly updated, where available. These tips, along with a healthy dose of common sense, can help you safely navigate the growing Internet of Things.