A security analyst at the software company says it’s not the things in the Internet of Things that we should worry about. It’s those cloud servers with vast databases of personal information gathered from all those connected devices. Hacking is a business. There needs to be an return on investment.” In the business of hacking, it’s not the device that’s valuable. It’s the data they generate. Individual devices are hard to secure and can be trivially easy to compromise because so many people fail to change the default user names and passwords.
The biggest profit on a cyber criminal’s investment, isn’t in hacking a toaster, it’s in grabbing data from thousands of users at a time by hacking servers. High profile hacks, from Home Depot to Target spilled user names, credit card details, or other information onto the web. And this is just the beginning.
Greater amounts of data are going into the cloud. Hackers can learn which rooms in your house you spend the time in, and when. Smart appliances transmit our voice commands to their manufacturers. Car insurance companies deploy tracking devices to gauge driver safety. Fitness trackers know our heart rates and how many steps we take each day. The photos we upload to Instagram may include geographic coordinates. In addition to the information we deliberately post to Twitter and Facebook, social networks could log other information, such as how often we log in and what times we generally post.
Individually, it might not seem like much of this data would be problematic if it were leaked. But as it starts to be combined in new ways, this data in wrong hands could come back to haunt us, perhaps even years later.
Interaction with your devices can leave a trail of digital exhaust behind. Once this data is combined creating very rich profiles of people, some worry there may be death of privacy.
Currently, hackers often sell databases full of stolen credit card numbers, social security numbers and passwords. In the future, these databases could include even more personal information gathered from sensors and connected devices.
What can companies do?
The most important thing that companies can do to help protect their customers is to stop gathering data that isn’t necessary for the operation of the service. Moreover, they can encrypt the data they do collect — preferably in ways that only the customers themselves can decrypt. New laws regulating what information can be collected, and how it can be stored, may also help.