IoT and the Cost of Convenience - Aurorasa Zeitgeist

Credits: Withings/Kérastase/L'Oréal

Careful, your hairbrush is watching

Available this fall is a connected hairbrush that comes with a built-in microphone.

As reported by WIRED, as soon as someone brushes their hair, the hairbrush collects data.

The inbuilt microphone is said to listen to the sound of the brushing and identifies patterns in the movement. The microphone detects "manageability, frizziness, dryness, split ends and breakage".

Naturally, the brush has WLAN and an app that transmits the data.

To me, these items are not just funny gadgets but also potential privacy- and security risks. Do you know what your brush records, how secure they store your data, for how long, etc?

After the last major Apple Update, I thought my iPad and Phone broke (something drained the battery) until Apple sent me a message they accidentally activated "backup" on all of my Apple devices.

GIGS of data from my Apple devices (I feel stupid admitting I have four as I feel writing this article with an apple watch on is on the verge of being hypocritical) were sent over the air by mistake.

I have more faith in Apple's knowledge of IT security than in the IT security knowledge of companies specialized in shampoo and conditioner. Or freezers.

People don't know which data is collected

Most buyers do not understand what data is collected by their household items. And if they do, they have to have faith in the vendor that

he can keep the data safe
does not secretly collect more data than agreed
does not sell your data

How far do we trust vendors who are keen to get to our data? In 2016, the company WeVibe had to pay a pretty heavy fine. They are selling smart vibrators and - without consent or knowledge of the buyers - collected data they shouldn't.WeVibe did not object to the accusations but pointed out that the data was stored "safe and anonymous".

The risks of IoT

In the best case, you convey unpaid market research. In the worst case?

Wannacry a wake-up call?

Wannacry is the name of ransomware that recently attacked computers of people and companies who did not update their operating systems. Experts consider "wannacry" a "warning". Obviously, it had an emergency switch and could quickly and easily be stopped.

The worm encrypted the data of the infected machine and displayed a message with instructions on how much bitcoin you have to pay to get your machine back. Some hospitals were affected too.

Having to pay ransom or loosing data is one thing. How about electricity? No air-conditioning in the middle of a heatwave?

And do you remember last October? When hackers launched an attack through the IoT? Millions of internet-connected household devices like printers, cameras were hijacked.A single printer has limited computing capacity, But 1000 or 10 Million?

Target of the attack was a DNS-service company called DYN, but as major corporations use the service, even sites like Reddit, Twitter and Spotify had been down.

And even if you do not own internet-connected devices: In November of 2016 over 900,000 households were cut off from the internet (including telephony and tv) after Telekom became target of a hacker and routers could not identify themselves to create a connection.

Evidence smart gadget data

Two recent court cases are interesting. They show that also the government might be interested in data gathered by smart gadgets.

CNN reports about a murder case in Arkansas. Authorities demanded access to Amazon's server because the suspect uses the smart loudspeaker Amazon Echo. Amazon protected the data of the user (who in March 2017 agreed that the data can be accessed). How about 12 cases from now?

In a second case, referred to by the media as the "Fitbit murder", data collected by the fitness gadget of a murdered woman was key to refuting the false alibi of the murder victims husband.

As I said in a different context: Data security is an illusion. Every piece of data that is stored somewhere can and will be misused at some point.

Everyone has to ask themselves: How much am I willing to pay for convenience? Not only professional hackers but also the government might be interested in your data.

Do surveillance cameras everywhere give you the feeling of security? They just make me feel less (care)free.

PS: Check Craigslist Chicago tomorrow for my Amazon Echo, smart coffee machine, and Bluetooth headset. I am not kidding.