With increasing integration of information and communication technology (ICT) in all aspects of life, we are increasingly dependent on and surrounded by more and more gadgets. These are no longer limited to computer, mobile phone, game console or ‘Smart’ TV; micro-(and, in the future nano) computers being integrated into refrigerators, thermostats, lights and even shoes. Meanwhile, the so-called ‘smart’ accessories have gone beyond watches and fitness bands to jewellery such as pendants!
All these gadgets have sensors that track various parameters such as location, temperature, ambient lighting, speed, and number of steps or for that matter, heartbeat. Used properly and selectively, they hold the promise of early illness diagnosis, saving energy through optimal lighting, and more efficient and intelligent transportation. In fact, this phenomenon has a new name — ‘quantified self’.
However, with all the attendant benefits, it exposes data both personal and critical making security and privacy a matter of concern. This weak link results in tracking, storage and sharing of private information that others should not have access to. In fact, a study by Symantec on wearable technology and scrutinised 100 popular iOS apps in the “health & fitness” category. It stated that security and privacy aspects were not factored in those devices and were broadcasting individual’s personal
information. The impact can range from nuisance to embarrassment, all the way to extortion in extreme cases. It also could pose a danger to life and property. For example, an insulin pump could be hacked for overdose.
In a recent whitepaper, Symantec found that all the wearable devices
examined, including those from leading brands, were vulnerable to location tracking. In another study of 50 smart home devices, Symantec found that many of those did not have a robust process to ensure that the device under review was indeed the intended one and not a rogue one. One out of five devices was sending data without any encryption thereby enabling anybody in the vicinity to snoop without too much of effort. Worse, in several devices the default password could not be changed and, often it was ‘123456’ or just ‘password’!
Just like basic personal hygiene aides better health and immune system, basic cyber hygiene can mitigate nine out of ten data breaches, according to the Online Trust Alliance. These best practices include use of strong passwords and varied passwords for different products or services; use of encryption for data at rest and in transit; multi-factor authentication; and, using modern and updated security software. The world observed Data Privacy Day on January 28—an annual event intended to raise awareness among businesses as well as users and promote privacy and data protection best practices—a gentle reminder to the world—“prevention is better than cure”! However, we need to practice data privacy every single day, day after day!
So, before you flaunt or indulge in the ‘smartness’ of your intuitive gadget, the ‘smart’ thing would be to ponder over the questions in the box.
Stop, think, connect
Before you rush to buy or connect a new gadget, device or thing to the Internet, ask yourself the following questions:
* What information does the device collect and is the data really relevant for the primary or purported functionality?
* Does the device allow me to decide what permissions I give and under what circumstances?
* Is there an option to return the device for a refund, especially if I learn subsequently the type of information it is collecting?
* What are the circumstances under which my data could be shared with third parties and what safeguards exist, if any?
* Is the support (software updates and patches) available beyond the warranty period?
* Can I change the default password? Does it allow me to set a strong password?
* Is the data encrypted whether stored on the device or while being transmitted?
Use this list also for connected devices you already own, and where appropriate, reset the permissions. You might even find that in some cases, it might be safer to stop using a device, rather than continuing to risk your personal information and privacy.
The writer is director, government affairs—India & ASEAN, Symantec