Tuesday , 7 February 2023
Breaking News

Apple, the FBI, and the Internet of Things: Your whole house is open to attack

The conflict between Apple and the FBI has a long history--and your privacy is at stake

folding showdown between Apple and the FBI is almost invariably depicted in terms of the security and privacy of your smartphone.

That’s a huge mistake. What really hangs in the balance is the security of every modern device in your house — your refrigerator, thermostat, home alarm system, even your light switches and baby monitors — and the privacy that can be compromised by hacking any of them.

This is the frontier of the so-called Internet of Things: Privacy vulnerabilities have spread from your Internet-connected computers and phones to household devices that can give hackers, whether working for the government or acting illegally, access to a household network.

The FBI’s demand that Apple compromise the security of the iPhone used by one of the San Bernardino attackers could end up making all these devices less secure, when government policy should be aimed at making them all invulnerable.

Security expert Brian Krebs put the risk succinctly in a recent blog post: “Imagine buying an Internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast … network run by the Chinese manufacturer of the hardware.” Krebs calls this “the nightmare ‘Internet of Things’ scenario. … The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide.”

Krebs was referring to a home surveillance camera by the Chinese firm Foscam, which came with the networking capability written in — and hard for anyone but a trained network engineer to disable.

But untold other networked appliances have been discovered to have security vulnerabilities. Digital researchers at Princeton recently reported vulnerabilities in a large number of household devices. Among them, the Nest digital thermostat was transmitting unencrypted location information about the homes in which it was installed (Nest, which is owned by Alphabet, formerly Google, fixed the vulnerability after it was reported); thePix-Star web-enabled digital photoframe was transmitting traffic to and from the device; and the Sharx home security camera was transmitting unencrypted video outside the home in a mode that could be intercepted.

Fortune reported last year that a Samsung refrigerator that allowed owners to display their Gmail calendars on a screen in the fridge door could reveal the owners’ Gmail logins to anyone who could gain access to their home Wi-Fi networks. The search engine Shodan has a whole section allowing subscribers to view unsecured webcams; security researcher Dan Tentler told Ars Technica that the feeds include “images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores.”