Let’s say you’re having a rough day at work today; nothing seems to be going right. Thankfully, your friend sends you an email containing a link to a YouTube video. Your friend always sends you the funniest things, so you decide to watch it.

Imagine your surprise when you find yourself looking at a video of you dancing around the living room singing into an imaginary microphone, Risky Business style. How is this possible? You suddenly remember the new “Smart Television” you bought a few months back. It contained a camera and microphone to enable video conferencing and video streaming from the Internet.

After some investigation you determine that someone has hacked into your television and turned it against you. Your smart device was used to betray you. The TV manufacturer doesn’t know how to fix it; the cable company and everyone else you call are clueless. The only fix you can find is to unplug the device from the Internet.

So your smart device was used to betray you, and now you have an expensive TV that you’re afraid to connect to the Internet.

I recently wrote an article about being betrayed by my smart, cloud-enabled refrigerator that was supposed to make folks think about securing smart devices. I have had a number of folks send me some questions and a couple of comments regarding the article that made me think a bit more on the topic.

It may be time to look at the potential threat sneaking into the cloud environment. There are hundreds of millions of mobile devices and hundreds of millions of computers connected to the Internet at any time. This leaves the average home with Internet-related security vulnerabilities in many places:

  • Computers and mobile devices.
  • Internet thermostats that allow us to control the temperature while away.
  • Appliances (washers, dryers, coffee machines, ovens, refrigerators, etc.).
  • Security cameras, inside and out, watching the doors and windows.
  • Smart appliances, such as washers and dryers, that can report user statuses to smartphones.
  • Smart televisions in many rooms allowing for Internet streaming video and video conferencing.
  • Internet-connected game consoles.
  • DVRs with networking to allow multi-room viewing.

And more…

The number of connected devices per home is more than double, or perhaps triple, what might be obvious. The attack potential is massive, as many of these devices are not considered “computers.” While most of the people I speak to are concerned about protecting their privacy as related to their computers and smartphones, very few are concerned about their Internet-accessible security system being used against them, or their television, game box, DVR, or other connected devices.

They have no idea how to patch the devices to ensure security, or how to defend those devices. Most people also have no idea what to do if any of those devices become compromised. Your TV repairman is likely not qualified to clean a virus off your smart TV, nor is your alarm company trained to secure a compromised security system.

Most people don’t know where to begin to determine if a compromise has indeed occurred.

Suppose your security system, which is connected to the Internet so you can monitor your home while traveling, is hacked and turned against you. The bad guys could use your surveillance systems to spy on you and find the best time to enter the house. Depending on the security system they might be able to open doors and make their entry much easier. Now imagine they didn’t care if you were home and had more malicious intent…

It is time to educate consumers about the dangers that lurk within embedded devices. Companies marketing these embedded systems need to take security into consideration when developing and selling them. What can you do? Research smart devices before buying and placing them in your home. Think about a worst-case scenario and determine if the risk is worth having the device. Understand that almost any Internet-connected device can be broken into and used against you.

How do you think people can best protect themselves from threats like these? Do you have direct experience or recommendations for others? We look forward to getting your comments.