How A Toaster Could Steal Your Identity

For a mere $100 you can own a toaster that will notify you when your toast is ready.

How A Toaster Could Steal Your Identity

Constantine von Hoffman | Identity

There is so much about the Internet of Things (IoT) that is funny — as long as you don’t consider the security implications.

Consider:

  • For a mere $100 you can own a toaster that will notify you when your toastis ready. “A companion app that has different types of bread and a slider to adjust how much you want to burn your bread. Once you’ve pinpointed the perfect combination, you can save your toast-cooking profile.”
  • Far less expensive ($9.99 on Amazon) is the Quirky Egg Minder, an egg tray which teams up with your smartphone to send out alerts when you’re almost out of eggs. But wait, as they say on the game shows, that’s not all: LED lights on the tray turn on to warn if any eggs are nearing their expiration date.
  • But why spend a little when you can spend a lot? The Bosch Serie 8 PerfectDry Dishwasher 60cm Home Connect Wi-Fi is available for $1,136.49. As the manufacturer explains, “Waiting around for your dishwasher to finish can waste time and cause unnecessary stress. Especially for those with busy schedules. Home Connect puts your mind at ease and helps you be more productive with your time. If you wish, push notifications can be sent from your dishwasher directly to your mobile device, conveniently letting you know the current program status of your dishwasher, as well as other useful information. Multitasking in and out of the home just got a little easier.”

Put aside silly items like these and you can see there is a reason IoT devices exist. In simplest terms, IoT allows devices to communicate with each other via the web, sharing status and data, in order to eliminate errors produced by human intervention. Furthermore, the data generated by IoT objects can be analyzed to increase device efficiency through product enhancement and understanding usage patterns.

There’s no doubt IoT devices are big with consumers and companies.

According to IHS, there are more than 24 billion IoT consumer devices in use as of 2018. Gartner estimates more than 50 percent of major new business processes and systems will include an IoT component by 2020.

The McKinsey Global Institute predicts IoT could have an annual economic impact of $3.9 trillion to $11.1 trillion worldwide by 2025.

The problem, though, is they can be a huge security risk.

It’s also important to remember that IoT devices at home can access a person’s home network which, in turn, might give a hacker access to the company that person works for. So it’s clear this threat is by no means limited to consumers.  

While there’s no good way to secure IoT devices already deployed, on-going threats may get governments to require IoT security standards. Biometrics, with its combination of strong protection and ease-of-use, offers the best way to address this.

It is impossible to imagine anyone, even a security-savvy IT pro, being willing to enter a password each time they want to use their IoT thermostat. The minuscule likelihood of that willingness shrinks down to quantum size when you consider all the other interconnected things in a “smart home”: Exterior locks, loudspeakers, lighting, heating, entertainment systems, and, of course, dishwashers.

But what if all that person needs to do is swipe a finger across a sensor?

Then you have a scenario where the security is so easy to use that it doesn’t bother consumers to do so. There is still one legitimate concern about using biometrics which is that it can require a centralized database to store all the biometric data and any such database would draw hackers like bears to honey. However, that is not the only way to store this data.

Using a distributed data model to encrypt and store this information, as Veridium does, adds a huge amount of additional security. This model distributes a user’s biometric data as an encrypted template, broken up and stored in different locations. Each part is encrypted, with one stored on the device used for enrollment, and the other on a server.

For authentication to occur, both pieces are then recombined for comparing against a newly captured biometric vector. Having encrypted data live in separate locations makes it much harder for an intruder to gain access to both locations.

Not only does the hacker have to access the backend server of the company but also the physical device of the user they’re attacking.

COMMENTS

WORDPRESS: 0
DISQUS: 0
%d bloggers like this: