New cybersecurity challenges
Like so many things, these developments unfortunately have their downsides. Bringing more and more devices into our homes and factories also means that there are more and more points of attack in our lives that could potentially be exploited by cybercriminals. This ranges from tapping user data to invading via a poorly protected device and infiltrating the entire network. Here, it is actually more of a disadvantage that more and more devices are being connected to the Internet. This is because a single weak link can put the entire network at risk. Depending on which IoT devices are then affected, this can have devastating consequences. Think of self-driving cars, for example, which can pose a major security risk to passengers and third parties, or the healthcare sector, where particularly sensitive data is handled.
But it goes without saying that this can also have very unpleasant consequences in private life. For example, criminals can use hacked devices in 'smart homes' to monitor the homes of their victims. Only recently, pictures of private moments recorded by an iRobot Roomba J7 caused a stir here and subsequently ended up on the Internet. The mission of these models from a special developer version was to collect and transmit recordings from their everyday work for training the AI used. To do this, vacuuming robots took footage of obstacles that got in their way on their cleaning rounds. The video footage was then analyzed by a service provider on behalf of iRobot. To help the vacuuming robots learn how to navigate their surroundings, employees were asked to label objects in the footage. One of these 'objects' was a woman on the toilet, photos of which later appeared in private Facebook groups. Apparently, the commissioned employees had screen-shot and published these and other scenes.
Strictly speaking, iRobot is not guilty of any wrongdoing. The test users were supposedly informed that the devices could take pictures at any time. The manufacturer also states that contracts were signed with the service provider to prevent such privacy violations.
The incident clearly shows that even precautions such as contractual agreements cannot guarantee complete protection against data privacy violations. At the same time, one should always be aware of what private data and information is collected by IoT devices and, in the worst case, could fall into the wrong hands. In this case, this point has particular significance, because the recordings were not made through unauthorized access, but to all appearances even with the consent of the test users. Since some users deny that they knew about the data collection, it seems questionable how explicitly this quite important function of the vacuum robots was communicated. Since you cannot always rely on all essential information being communicated transparently and in detail, it is unfortunately essential to inform yourself in detail.
The Internet of Things - Fun and Dangerous
As the IoT space grows, so does the need for legal control and regulation. After all, these days almost any device that has an on/off switch can theoretically be connected to the Internet and thus become a security risk. That's an armada of devices whose data could fall into the wrong hands.
Among other things, the EU is expected to introduce regulations in 2023 that will impose stricter rules on the collection and storage of data for manufacturers and operators of smart devices.
In addition to legal regulations, measures that users can take themselves will also help to improve cybersecurity and data security in the IoT. Of course, none of these can guarantee one hundred percent security. But every protective measure helps to minimize risks. For example, it's important to regularly update devices and software, as this is where security vulnerabilities are fixed. Another important point is changing default passwords on IoT devices. Smart home devices come with a factory-set password that is used to log into the network for the first time and, accordingly, is usually very simple. While this is convenient in further handling as well, it can create a serious security risk. This is because these simple passwords are very vulnerable to brute force attacks. High computing power is used to try out a large number of possible user password variants. With particularly simple passwords, the probability of hitting the bull's eye at some point is naturally much higher than with complex passwords.
The Wi-Fi network should also be protected by a strong encryption method. If you often have visitors who also use the Internet at home, you should consider setting up guest access. And as always, be careful when dialing into publicly accessible Wi-Fi. A VPN helps minimize the risks. (We've written more in-depth about how to protect yourself and your data in the digital world in this article).