By Jonathan Zmikly
When Edward Snowden released top-secret NSA surveillance documents to the masses last year, it was a sobering confirmation that seemingly private information, no matter how mundane or valuable, was being tracked. Bank information, browsing history, passwords, Skype sessions – for years the U.S. Government, with the help of some of the world’s most powerful communication companies, has been collecting huge amounts of data in an effort to target potential terrorists. Snowden’s leak was a grave reminder to the world that the Internet is still a very public network.
This shouldn’t be surprising. The Internet grew out of an academic community that valued sharing and open communication, and its history is steeped in collaboration. Those traditions continue today. They stand as the pillar for social media, citizen journalism, and virtually every other online activity. But as countless bank and e-mail accounts are compromised every day, even “secure” information is liable to be hacked and shared.
Today’s Internet-controlled home is no different. Some systems use an Internet-connected hub that communicates with each “smart” device in the home, like thermostats and lighting. Other systems connect directly to a user’s home router. Owners can then access them via the World Wide Web or a smartphone app to control their homes from a distance, whether they’re at home, at work, or on vacation.
Because these systems rely on the Internet to work, literally in-house information is being passed through a public and potentially vulnerable network. And while room temperature data might not be useful to the average hacker, security cameras and door locks may very well be. One very unsettling example is Creepstreams, an interactive Google Map of insecure Trendnet IP camera feeds, accessible by anyone with an Internet connection. Even after the company sent out a firmware update, the live streams were still discoverable, along with the exact location of each camera.
Home automation systems can have similar loose ends. At the security conference Black Hat in August, SpiderLabs Managing Consultant Daniel Crowley demonstrated how to change a front-door lock code from his computer. And, Forbes writer Kashmir Hill put the home automation technology INSTEON to the test earlier this year, hacking into eight separate Internet-controlled homes after Googling some simple key terms.
The product used in Hill’s experiment did not require a password, and it has since been discontinued, according to INSTEON Marketing Director Isaac Sanz. The product shipped in its place does.
A 2013 study from the Pew Internet and American Life Project showed that 86 percent of Internet users said they have tried to use the Internet in ways to minimize the visibility of their digital footprints. So, whether they’re checking for SSL certificates, or using software to protect themselves, users are proactive in seeking out anonymity and protection on the Internet.
“I think people still do seek out privacy,” Hill said in a recent interview. Citing Snapchat’s wildly popular image expiration feature, Hill said people care about private online content, with an expectation that that information will never come back.
So, why would home automation privacy be any different from, say, storing bank information online? For one thing, companies expect users to set up their own usernames/passwords once the system has been installed. But often, homeowners don’t even password-protect their routers, let alone their automation system.
“People still have bad password hygiene, so they have to go a little further to protect themselves,” Hill said. “Each device usually has a default password, so if a hacker finds the user manual, essentially, there is no password.”
Sanz and Hill agreed that companies should do more to inform and coach their customers.
The Texas CEO needs to know that protecting online data, whether it’s a home light dimmer or the garage door opener, is a steep, uphill battle. In her 2010 SXSW Interactive presentation Making Sense of Privacy and Publicity, Principal Researcher at Microsoft Research, Danah Boyd, said the Internet is “public by default, private through effort.” Internet users must take an active role in ensuring their private data stays just that – private.
“At the very least, use a strong password for both your Internet connection and smartphone,” said Sanz. Sanz also cautions users to be their own gatekeepers. “Ask yourself: What do I want to control, that I wouldn’t feel comfortable having hacked? Don’t assume that if something is Internet-connected, that it’s secure.” Home lighting, temperature and media might not be a huge threat, if they were compromised, but a home security system, surveillance cameras or an automated fireplace may be.
As with all things Internet, “The Internet of Things” is a relatively new world. Deciding which parts of their lives to make public or private is largely up to users, making it vitally important to realize the virtual keys to their homes may very well be on the line.
“It’s not just that you’re broadcasting information, you’re actually broadcasting control,” said Hill.
Jon Zmikly is Senior Lecturer in the School of Journalism and Mass Communication at Texas State University. firstname.lastname@example.org
Congrats, Ricardo, and welcome to Texas! dallasvoice.com/equality-texa…