Jeremy Hitchcock

Is my IoT device online, active, or in use?

Internet of things devices are always on and always connected. This raises all sorts of questions about what it means for a device to be active.

"Seventy percent of consumers worry that hackers might access their smart devices at home, and 58 percent fear a lack of privacy from manufacturers that have access to their data, conversations, voice patterns and search history," according to The New York Times article "Is My Not-So-Smart House Watching Me?"

Is a camera always spying on me if it is always on? Depends. In the days of desktop security, and even in endpoint management, active devices could be checked against behavior known to be good. IoT has created an environment where that's not possible.

Tens of thousands of IoT devices are talking to each other, talking to a cloud, and interacting with users. Some of them are active all the time. They beam data back to be viewed or processed later. Some of them check in with a central cloud. The devices that listen all the time, like voice assistants, only listen for a wake word and then record, or so we hope.

The question is whether those interactions, through traffic that you would expect, are legitimate: 

  • Desktops, laptops, and mobile devices - Are you actually using an iPhone, or is it updating a bunch of apps in the background?
  • Personal assistants - Can you tell if someone is interacting with a device? For a device that requires speech as an input (Amazon Alexa), you can see Alexa phone home with an audio signature and receive a voice signature in response.
  • Video cameras - A webcam hack can be extremely hard to detect at face value. As the Institute for Critical Infrastructure Technology explained, "Only a slight increase in sophistication is necessary to disable signals that might alert the user (such as the webcam light) and to store and exfiltrate the data. Webcams are arguably one of the easiest system components to remotely access and exploit." The paper recommends covering your webcams when not in use. 
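
One way a defender could turn this question into a check, as an added example that is not from the original post: label each one-minute traffic window per device as offline, online (keep-alive only) or active (upstream burst), then list the active windows that fall in minutes the household says nobody was using the device. The flow records, the 10x burst threshold and all names below are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (minute, device, bytes_up, bytes_down) per one-minute window.
FLOWS = [
    (0, "camera", 420, 380), (1, "camera", 410, 390), (2, "camera", 0, 0),
    (3, "camera", 430, 400), (4, "camera", 915_000, 2_100), (5, "camera", 880_000, 1_900),
    (0, "assistant", 300, 310), (1, "assistant", 48_000, 96_000), (2, "assistant", 290, 300),
    (3, "assistant", 310, 305), (4, "assistant", 295, 300), (5, "assistant", 305, 310),
]

BURST_FACTOR = 10  # assumption: "active" means more than 10x the usual keep-alive volume


def classify(flows, burst_factor=BURST_FACTOR):
    """Label every (device, minute) window as offline, online or active."""
    per_device = defaultdict(list)
    for minute, device, up, down in flows:
        per_device[device].append((minute, up, down))

    labels = {}
    for device, windows in per_device.items():
        # Keep-alive baseline: median upstream bytes over windows that carried traffic.
        # The median is a fair baseline only while the device is quiet in most windows.
        talking = [up for _, up, down in windows if up + down > 0]
        baseline = median(talking) if talking else 0
        for minute, up, down in windows:
            if up + down == 0:
                labels[(device, minute)] = "offline"
            elif up > burst_factor * baseline:
                labels[(device, minute)] = "active"
            else:
                labels[(device, minute)] = "online"
    return labels


def unexpected_activity(flows, quiet_minutes):
    """Active windows in minutes the user says nobody was using the device."""
    return sorted(key for key, label in classify(flows).items()
                  if label == "active" and key[1] in quiet_minutes)


if __name__ == "__main__":
    for key, label in sorted(classify(FLOWS).items()):
        print(key, label)
    print("review:", unexpected_activity(FLOWS, quiet_minutes={3, 4, 5}))
```

Traffic volume alone separates offline, online and active; deciding whether an active window was legitimate use still needs the outside context supplied here as `quiet_minutes`.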

Security is based on an onion, with multiple layers and multiple users. Just like getting to the core of an onion, you have to break multiple sets of security to be nefarious. In the home IoT environment, we add devices of every level of sophistication (laptops, TVs, cameras, sensors, lightbulbs...) and of varying quality of manufacturing and development to the same network. Everything has essentially root/core access to our network. Security just hasn't caught up to IoT yet and understanding device activity is an context.