Article Courtesy of: Computerworld
Is the Government tapping into your IoT Devices & Spying on You?
The U.S. spy chief admitted the government may use your “smart” internet-connected IoT devices to spy on you.
A Harvard report no sooner debunked the FBI’s “Going Dark” argument than the U.S. intelligence chief admitted the government might use your “smart” internet-connected devices to spy on you.
U.S. Director of National Intelligence James Clapper testified:
“Smart” IoT devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.
Clapper’s prepared testimony about spying via IoT were included in the “Worldwide Threat Assessment of the U.S. Intelligence Community” report (pdf) delivered to the Senate Armed Services Committee on February 9.
The Internet of Things was the first topic mentioned under “cyber and technology,” followed by artificial intelligence, although the report notes that the order of topics doesn’t necessarily mean the intelligence community views the topic as the most important.
While this is not the first time an intelligence chief has admitted the potential of spying on people via their internet-connected devices—since CIA Director David Petraeus said the same thing four years ago—the Harvard report pointed out just how widely IoT surveillance could be used.
The report included specific examples of potential IoT devices surveillance via baby monitors, smart TVs, IP cameras, home automation products such as smart thermostats and smoke detectors, smart toys such as Hello Barbie or Elf on a Shelf, the Amazon Echo, connected cars and smartphones. But there are so many more when you consider fitness trackers, refrigerators, crock-pots, motion detectors, even pregnancy tests—although a fitness tracker might do double-duty as a Reddit user reported that his wife’s Fitbit knew she was pregnant before they did.
“Appliances and products ranging from televisions and toasters to bed sheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables are being packed with sensors and wireless connectivity,” the Harvard report explained. “Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target.”
Could your smart LED bulb be enlisted in the government’s spying machine? Maybe or maybe not, but the U.S. did invoke “national security” to stop Philips from selling the Lumileds LED portion of its company to the Chinese. Those LEDs are used in one of every three cars made in the world, used in TV, mobile device and computer displays, used as a flash for smartphone cameras, and used in general lighting markets. You’d think if companies adopting encryption by default in smartphones was really a threat to intelligence agencies that the “threat assessment” report would hammer the point home; yet Clapper mentioned encryption just four times in the 29-page report; once was in regard to attackers trying to change source code to break network equipment encryption.
“Encrypting” was mentioned regarding ransomware developed by cybercriminals, a topic listed under “nonstate actors.” Violent extremists will “publicize their use of encrypted messaging apps” and terrorists will “take advantage of widely available, free encryption technology, mobile-messaging applications, the dark web, and virtual environments to pursue their objectives.”
… who needs a back door when you can waltz right in the front door of a home with internet-connected smart devices or home automation? …
Read the FULL STORY on Computerworld