For years, security firms have been warning that Internet of Things and smart home devices often don’t pass muster when it comes to things like passwords and encryption. Today, the United States director of national intelligence, James Clapper, agreed, giving evidence to the Senate Select Committee on Intelligence how connected household items could be used to gain information about their owners.
“In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said in the Worldwide Threat Assessment of the U.S. Intelligence Community report. Personal data collection and monetization of that information is also a possibility. “Commercial vendors, who aggregate the bulk of digitized information about persons, will increasingly collect, analyze, and sell it to both foreign and domestic customers.”
Though Clapper listed several countries — including Russia, China, and Iran — as leading threats when it comes to cyber-espionage, but it sounds like the U.S. might use insecure devices to its advantage. The report states these devices “will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors.”
President Barack Obama’s new Cybersecurity National Action Plan was also unveiled today, and it also addresses concerns with IoT devices. Among the steps outlined in the plan is the Department of Homeland Security working with partners to develop a “Cybersecurity Assurance Program” that will be in charge of testing and certifying connected devices, including both household and medical items, “so that when you buy a new product, you can be sure that it has been certified to meet security standards.”
Often customers assume device manufacturers make security a priority and build it into their products. But so many new devices are coming onto the market, it can be hard to suss out who has the background to make really secure cameras and other items. Considering how many people have smart home devices installed, ensuring they all meet a certain standard is definitely a daunting task.