discussion 1 critique the discussion below de
The future is a bright one for smart devices like voice activated smart home controllers and smart thermostats. Including smart devices in our renovations keep us on the cutting edge and competitive with our competition. These devices enhance our customers lives by automating tasks and allowing them more free time to enjoy the things they would rather be doing. Unfortunately, our company may be liable for damages if our customers lose privacy due to the insecurity of these devices.
A simple hack could expose our customers’ data if the manufacturers do not build them with security in mind and continue to provide security updates throughout the life of the product. Concerning mobile health smart devices that transmit client health data to doctors, Arabo says that the manufacturers are not concerned with security and do not put effort into making them secure (Ararbo, Brown, & El-Moussa, 2012). Even when care is taken by the company providing the smart device to include better security features, it is still up to the consumer to activate or use them. Security features such as Two-Factor Authentication (2FA) which, besides a password, requires another medium such as a phone registered to the account in order to authenticate can help protect devices from being hacked. But, these require the consumers to set up or elect to opt in to that feature in the first place.
Due to the nature of most smart devices requiring access to and from the internet, they pose a risk that those devices will be accessed by someone other than the intended party. In a recent study of 34,686 “controlled experimentsâ€, 72/81 smart devices were monitored “talking†to a destination that was not the manufacturer. This study also revealed that all of the devices that were tested exposed at least some information in plain text, allowing anyone listening to easily read the data. Information Exposure From Consumer IoT Devices:
There are many recent cases of consumers suing companies for negligence when installing smart devices that are not well protected or easily hacked to leak personal data. Toyota and Chrysler installed devices were claimed to be controlled remotely and “exceedingly hackable†by the plaintiffs. Even the home security company ADT has been taken to court with the plaintiff claiming that ADT’s wireless security systems can be remotely turned off or used to spy on the owners (Gorman, n.d.). Baby monitors are even a target now too. Many wifi connected baby monitors are cloud enabled so that the parents can view their children from anywhere. This internet connectivity creates risk and several camera models have been hacked over the internet allowing the hacker to view, listen, and talk through the camera (Vaas, 2019). Beyond the financial impact associated with lawsuits, we risk our reputation and client trust if we knowingly install insecure equipment and we don’t take the time to ensure our customers know how to effectively secure them. A smart thermostat may record daily activities in order to save the owner money on energy costs. But if the device has not been updated from the default password the owner risks losing that data to a hacker using a simple password guess. The question then is who is liable for the damages?
If we decide to install a smart fridge that can order groceries when the customer is running low on milk, we need to inform the customer of the risk associated with their data and provide security measures the customer can take to protect their data. We should have a team or task force designated to research the security of the smart device products we install to make sure we provide our customers low risk options.
References
Arabo, A., Brown, I., & El-Moussa, F. (2012). Privacy in the Age of Mobility and Smart Devices in Smart Homes. 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Conference on Social Computing. doi:10.1109/socialcom-passat.2012.108
Gorman, L. (n.d.). The Era of the Internet of Things: Can Product Liability Laws Keep Up?, Defense Counsel Journal, 84(3). Retrieved from https://www.iadclaw.org/publications-news/defensecounseljournal/the-era-of-the-internet-of-things-can-product-liability-laws-keep-up/
Vaas, L. (2019, November 26). Parents say creep hacked their baby monitor to tell toddler they ‘love’ her. Retrieved from https://nakedsecurity.sophos.com/2019/11/26/parents-say-creep-hacked-their-baby-monitor-to-tell-toddler-they-love-her/