The Internet of Things, commonly referred to as IoT, is a new market popping up that boils down to the idea of connecting everything to the internet, even if it doesn’t need to be. The downside of these devices is that many of them are not secure out of the box and many more are unmaintained. Many of the devices that are showing up on market dont even have a good reason to be connected to the internet.
Exhibit 1: Juicero
Juicero is a cold press juicer, but you cant just put whatever you want into it like a normal juicer. No, you have to buy their prepackaged bags of fruits and vegetables. Even worse, if your internet cuts out it stops working. The only value add to connecting this thing to the internet is that if there was a recall on a package, the Juicero wouldn’t squeeze it. The good news is that if your internet fails, you can just squeeze the juice yourself.
But lets stop talking about how dumb these devices are. They are serious security problems waiting to happen, too.
Exhibit 2: JideTech Onvif 2.4 Wi-Fi Security Camera
Amazon has since taken this camera down from their store, hence the Internet Archive link. This is probably my favorite example and the one I bring up most often when talking about how badly insecure IoT is. This is one of the cameras that make the Mirai botnet the most powerful botnet in the world. Security guru Rob Graham tweeted about buying this camera and watching with WireShark as it was infected very soon after plugging it in. It is vulnerable out of the box and was never patched, hence why amazon stopped selling it. Video
So now we know that IoT devices are worthless and insecure, what about your privacy?
Exhibit 3: Pillsy
Pillsy is a bluetooth enabled pill bottle that reminds you to take your meds. The idea of sharing what medication you take, or how often you forget to take it is a terrible idea. I don’t even want to imagine how much money information like that is worth to health insurers.
This is an expansion on one of the topics in my article on tips for your employees on how to secure a home network.