The internet of things is a big concern and should be one of students are very aware of as it potentially threatens our privacy and our security.
When discussing the Internet of things I focus on two issues; one being that these devices generally have default user names and passwords and that these are seldom changed by users and the second is the difficulty and also lack of regularity in terms of updating the software which runs on such devices.
When discussing passwords I focus on the 2014 reporting of 70,000 web cams across the world which an internet user had gathered on a single site. As these devices all had no default password set any users could effectively connect to the feed and view whatever the web camera sees whether this be a car park, a football ground, the inside of house or the pathway to someone’s front door.
A quick discussion with students as to how they would feel having their movements monitored by persons unknown and also the risks which such monitoring might expose them to quickly gets the point across as to the need to change password.
To illustrate the need to update operating systems I use the vulnerability which was identified in robotic vacuum cleaners. This allowed hackers to gain access to the video feed from such a vacuum cleaner as well as being able to control the device itself. The vulnerability was in the software which was then patched by the vendor following discovery of the issue.
Students were then asked about how they would know if devices they have purchased had identified vulnerability. Would vendors have a way to contact those that purchased their device? It became clear that generally the answer is no and therefore the only way to remain secure is in fact to keep updating devices so that they are using the latest and therefore least vulnerable software.
The internet of things will continue to grow as more and more devices are connected to our home network. As the list of devices grow so does the risk. As the risk grows it will become more and more important that students are aware of the risks and are aware of the basic security measures they can take such as updating software and changing default passwords.