The Internet of Things (IoT) is about the use of the internet in your home with any device that can connect to the net. It seems like a good idea and in fact it is, but sometimes it can happen that that device has a very low level of security and can reduce the privacy of your data.
Being an emerging technology and in which any unconventional device can connect to the internet to improve its functions can lead to privacy issues. An example would be a coffee maker that shows you time. That coffee maker has a rudimentary operating system and all it does is connect to a server owned by the company that manufactures it and shows it to you on a screen (display).
Shodan, the search engine of the Internet of things
Shodan is a search engine for devices connected to the Internet. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in measuring which countries are increasingly connected? Or if you want to know which version of Microsoft IIS is the most popular? Or do you want to find the malware control servers? Maybe a new vulnerability came up and you want to see how many hosts it could affect? Traditional web search engines don’t allow you to answer those questions.
Shodan collects information about all devices directly connected to the Internet. If a device is connected directly to the Internet, Shodan queries it for publicly available information. The types of devices that are indexed can vary greatly: from small desktop computers to nuclear power plants and everything in between.
Problems of Internet of things
There are several problems with devices that use the IoT that have to do with your privacy and it is very important to check all their settings. These issues include:
- The device makes no distinction as to which user connects to it. You don’t need to sign in to the device.
- It may capture and store images/sounds/inforamtion of people without your consent.
- In addition to the data we provide directly and consciously for commissioning, the devices incorporate sensors to capture and store other data such as images and sounds.
- Many of the companies involved in providing the service (device manufacturer, software developers, etc.) may have access to our data and process it for purposes that you do not control.
- Some devices can track our movements and how to locate us in specific places during certain periods of time.
- A device connected to the Internet with insecure settings, defaults or unresolved vulnerabilities can become the gateway for cybercriminals to our personal data.
- Personal data are processed by third parties who, in case of suffering a security breach, can be exposed.
Recommendations for safe use
If you have an idea of buying a device that connects to the internet it is a good idea to follow a series of recommendations to prevent any type of leak of your data from occurring. They would be for example:
- Do not provide the device with more data than necessary.
- Do a google search to find out if the device is safe. Checks to see if the company has an ancestor on which its data has been filtered.
- Before installing the device, read the privacy policy carefully and check what exactly is being shared.
- When you launch the device, carefully check the settings. Attempts to minimize the data that is shared with third parties.
- If you are not going to use it anymore reset the device. If you are going to sell it, delete all the data that has stored about you.
References
- https://www.aepd.es/es/documento/infografia-riesgos-del-internet-de-las-cosas-en-el-hogar.pdf
- https://www.shodan.io/
- https://twitter.com/troyhunt/status/1405326145160056839/photo/1