The CIA and the Internet of Things: Big Brother—and Who Else?
|Author modification of photos by Tessa Baert and Pierre Lecourt (CC BY-SA)|
Despite all the (mostly overblown) hype around the Internet of Things (IoT), its main effect has been to ring security alarm bells. US intelligence has long warned of the capability to spy through IoT devices. Though the idea of the CIA, FBI, or NSA listening in is creepy, this isn't the main thing you should worry about.
There's been a lot of hype around the Internet of Things (IoT). So far, it has yet to fundamentally change our lives and blow our minds. This may still be come. What is already happening, as "revealed" by the recent WikiLeaks document dump, is that the IoT has become a security concern. In fact, we have known about the lack of security in IoT devices for a long time, whether the worry was hacking your car or spying on you through your television. Your biggest worry is probably not US intelligence agencies, however: Big Brother probably isn't watching you, but someone else could be.
Why am I not particularly worried about the CIA spying on me? For one thing, there are rules and legislative and judicial oversight of the intelligence agencies. Sure, you may think there is not enough oversight, but there's a lot more than there is for a criminal organization. What's more, it's just unlikely. I would be truly worried to discover the NSA, CIA, or FBI is monitoring me, but not primarily because of the intrusion into my privacy. I'd be alarmed because it would mean they were unable to tell the difference between me, who has a website called "hamasterrordatabase.com" and publishes research on defense and terrorism, and someone who sympathizes with terrorists and could be planning attacks. That sort of ineptitude is a truly scary prospect. Despite their massive perceived powers, the intelligence agencies could not spy on everyone even if they were legally permitted to. I'm not saying you shouldn't worry about what our agencies are doing, but thinking they're watching you is a bit solipsistic.
The real worry is how easily hacked many IoT devices are. While companies have been adding internet connectivity to everything from TVs to fridges at a rapid pace (and often, I'd argue, without asking if this is really useful at the current stage), little thought has been given to security. Criminals hoping to perpetrate identity theft or perhaps accumulate blackmail material could hack your phone, computer, or TV. So what can be done? When terrorists wish to avoid being caught, they go off the grid. They reportedly use age-old tricks of spycraft like dead drops or postal mail. Similarly, hackers often break into high-tech systems using low-tech means, such as getting a disgruntled worker to insert a flash drive into a local computer, thus getting around its firewall. Low-tech solutions can be the answer for those wishing to protect themselves, too. Facebook CEO Mark Zuckerberg reportedly covers his laptop camera. I do, too. If your TV has one, consider doing the same there (I use sticky notes that are easily removed for video chats). Keep your phone in a case or be mindful of where its camera is facing.
Microphones are a bigger worry because they are more likely to gather compromising information and they are harder to block than cameras. You may be able to turn your TV off with an actual switch (so that not even a remote can turn it on). This is a feature added recently to reduce energy consumption from devices that are really in a sort of stand-by mode rather than fully off. Otherwise, avoid activating voice controls on Android devices (such as Google Now, which leaves your mic on so the system can react when you say "OK Google") and don't buy Alexa or other voice-activated devices if you are worried. But what about the phones, computers, and tablets we have already and can't live without? There are some software solutions, like MicroSnitch (for Macs), NetLimiter (a firewall for Windows), and SnoopSnitch (for Android). I have yet to try any of these personally and am not endorsing them, but they are worth looking into and I plan to do so. The internet has brought wondrous opportunities for expanding our knowledge, communicating, and more, but with Big Brother and lots of unidentified Little Brothers out there, the advent of the IoT means IT security thinking should be part of our everyday lives—whether we like it or not.