The Internet of Things is watching you!

The “Internet of Things” is not just a buzz word, it is already a reality. Count the numbers of “connected” or so-called “smart” devices you might have in your home, and you will have the answer: PC, laptop, tablet, smartphone, mp3 player, game console, but also TV screen, home theatre devices (AV amplifier, BluRay, DVD players…), (wireless) music systems, webcam for babies or home presence detection, connected scales, home weather station, etc.The “Internet of Things” is already everywhere around you (even on you with new connected watches, caps or glasses). But is it safe? I’m sure you trust the company who sold you all your connected devices. Buying connected devices brings you new and useful services such as remote presence/baby monitoring for example. And you might even be loyal to this company by always buying their products because you believe in the reliability and security of their devices. You even forget sometimes that some of your connected devices are always connected and can “talk” to other devices in your home or to remote devices outside your home (just because you authorized them to be always connected just once, a long time ago, when you had just bought them). But as in the PC world, connected devices are full of security flaws. And with always more connected devices everywhere, the whole world can be spied on. Your world can be spied on. Let me give you a good example: We all use  generic search engines (Google, Bing, or Yahoo!) but have you heard of these other engines dedicated to a specific domain:

• TinEye, a reverse image search engine,
• The Wayback machine which can display websites as they appeared in the past. Yes, nothing posted in internet is ever lost (have a look at google website in 1998, or even try to find your first ever website?)
• And of course, a search engine dedicated to the Internet of Things: Shodan.

Google looks for websites, Shodan looks for connected devices: it is a public access engine through which you can find connected cameras, medical devices, office building heating-control systems, baby monitors, heterogeneous management consoles, or power plants! You can filter your searches by country or even by service (HTTP, FTP, SIP, SSH, SNMP…). And today, more than 1.2 billion devices are available through this search engine. Just type a keyword in this search engine, such as “webcam” and you will have hundreds of pages of connected webcams available through the internet, directly from your PC. Not all these links will give you access to a webcam video stream and you may often be asked for a login/password. But for those devices that are not properly configured… the stream is freely available and you can watch somewhere else on earth or someone else who doesn’t even know you are looking, without restriction. Of course, most of connected devices are pretty well secured, but security flaws may exist, bad configuration as well, and these flaws could be used by hackers at anytime. As a conclusion, you shouldn’t trust marketing and ads telling you that your connected devices are 100% safe and secured. In the world of the “Internet of Things”, as in the PC World, you should never be passive: Take time to configure properly your devices, and update your connected devices regularly! Don’t tell me you were not warned if one day, your neighbor tells you with an impish grin that he knows what you did yesterday evening.