Hope Clarke

The IoT... Security Risks and Hacking for Beginners

Introduction to the Internet of Things (IoT)

So what is the Internet of Things? It is any physical object that connects to the internet and can send or receive data. That includes obvious things like your phone and smartwatch, but also wireless speakers, smart lights, security cameras, and pretty much anything with the word “smart” printed on the packaging. It goes beyond your house, too. Cars, smart beds, medical devices, and industrial equipment all fall under the IoT umbrella.

Popular IoT meme

If you do an Amazon search, the number of these devices is honestly kind of wild. Within the first two pages, I found smart wall plugs, air purifiers, sunrise and digital clocks, picture frames, power strips, wall switches, thermostats, bodyweight scales, curtain openers, essential oil diffusers, projectors, garage door controllers, pet feeders, in-wall energy monitors, night lights, digital calendars and whiteboards, smoke detectors, charging stations, gun safes, button pushers, thumbprint door handles, lamps, air quality monitors, litter boxes, and finally “all-in-one streamers” that let you control everything I just listed with your voice from your couch without ever standing up.

For most users, the idea of a Jetsons-like smart house sounds extremely convenient. Who wouldn’t want to control every item in their home without lifting a finger? I myself have an entire home of Philips Hue smart lighting, which I can’t get enough of. As a renter, being able to change the color of the walls through light to suit my mood is addicting, and I find the “sunrise” setting (like the clocks I mentioned above) really helps me get up on time in the morning before class. I even have the option for my lights to “wake up” and bathe my whole house in a warm, welcoming glow when I get home from my bar job late at night, as soon as my phone connects to my Wi-Fi network while I’m walking across the parking lot.

The Elephant in the Room: Smart Device Privacy

But how much of my personal information is available through my lightbulbs and smart app? If someone were to view the data connected to my Hue app, it would be pretty easy to see what time I get up in the morning, how long it takes me to take my dog for a walk, and what nights I bartend after class, just from those two settings: my sunrise alarm and turning-on-by-location.

This realization shocked me. I consider myself to be pretty savvy when it comes to privacy. I don’t use social media, I don’t download apps (preferring a more secure browser, such as Brave), I routinely review and delete my personal data connected to my iOS devices and email, and I use a VPN on both my phone and personal PCs. And I still didn’t quite understand the amount of exposure the few smart devices in my home could facilitate. I go out of my way to hide my location activity on my iPhone. How did I not think about this?

Most IoT devices are small, inexpensive, and designed to be plug-and-play. It seems like just yesterday, but it was really about 5–7 years ago, right before COVID, when everything you wanted suddenly had some sort of digital or “smart” connection. That little checkmark that popped up when you entered your Wi-Fi password on a small device felt really good, always a bit of a surprise: “Huh! That worked! Great!” Now those little smart devices have been dragged with me through relationships and apartments, with Wi-Fi passwords blissfully updated at each move. That ease of connection usually means these devices do not require any real security software at all. If someone is on your network, or in some cases just within wireless range, they may be able to access or control them.

But Is There Even a Real Risk?

In my last post, I touched a little bit on how malware can spread and stick around on your computer, and every one of these items is basically a small computer. If someone had programmed a device to install malware and affect other devices in range, it is totally possible to create a botnet out of every one of your smart home items. Most of them are programmed in C or C++... so they all speak the same language. Once reprogrammed, they can collect Wi-Fi data, IP addresses, location data, and in some cases financial or other private information. So now, my smart light bulb is not just a light bulb anymore. It is a tiny computer with opinions (and a posse).

The bigger my IoT setup gets, the more exposure I have, with each additional device acting as another potential entry point. One smart device might not seem like a big deal, but when you stack dozens of them together, you are basically building a very polite but very insecure digital neighborhood. Even if devices include a basic password or encryption setting when purchased, many IoT products stop receiving software updates after only a few years. Once updates stop, security vulnerabilities remain permanently unpatched. So while Philips may have great security on my lightbulbs, my COVID-era security cameras, which need a reset every time the power goes out and haven’t had a firmware update in two years but are still technically functional, could still be exploited to get into my network and expose other devices once connected.

There is also an environmental side to these devices that does not get talked about enough. They are often designed for short lifecycles and are difficult or impossible to repair, which means they end up straight in the trash once they lose usability. How many users are making sure to completely wipe a device before throwing it out? How many Wi-Fi passwords do those items still contain? Not to mention, this represents a major waste of resources and raises ethical concerns, since many of these products are manufactured in developing countries under exploitative conditions within today’s consumer supply chain.

Hacking These Devices: Shockingly Easy for Beginners!

I started wondering how easy it would be to hack these devices. Turns out, not hard at all. After watching these two videos, I’m pretty confident I could figure out something small. Andrew Bellini is a captivating speaker, and his website provides tons of classes for even more complicated hacking if I were motivated enough.


DEF CON: Anyone Can Hack IoT – Andrew Bellini

David Bombal also had a great tutorial. With Python being such a prevalent language, I think even my snot-nosed neighbor, who isn’t even in middle school and likes to call me an AI bot (to my face??), could figure it out.

Hacking IoT devices with Python (it's too easy to take control)

So how do I limit my exposure? Turns out, a lot of what I already do for my mobile devices and personal data is on the right track.

Do an audit of every smart device in your home and figure out if you actually need or want the device, and limit the overall smart devices in your home. Frequently check for updates through the manufacturer's website, and purchase from reputable manufacturers that actually provide long-term updates (like Hue, instead of whatever random-letter-string brand is cheapest on Amazon). Use long and unique passwords with a password manager for each account, properly secure your Wi-Fi network, and, if you want to be extra cautious, place IoT devices on their own separate Wi-Fi network away from personal computers and phones.
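One way to turn the audit described above into a repeatable check (an added example, not code from the original post). The inventory, device names, addresses, the 192.168.50.0/24 IoT subnet and the one-year staleness threshold are all assumptions made for illustration.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed sample inventory: names, addresses and dates are made up.
INVENTORY = [
    {"name": "hue-bridge", "kind": "iot", "ip": "192.168.1.20",
     "last_update": date(2025, 11, 3), "supported": True},
    {"name": "old-camera", "kind": "iot", "ip": "192.168.1.31",
     "last_update": date(2023, 9, 14), "supported": False},
    {"name": "pet-feeder", "kind": "iot", "ip": "192.168.50.12",
     "last_update": date(2025, 6, 1), "supported": True},
    {"name": "laptop", "kind": "personal", "ip": "192.168.1.5",
     "last_update": None, "supported": True},
]

def audit(inventory, iot_net, today, max_age_days=365):
    """Return {device name: [findings]} for devices that need attention."""
    net = ip_network(iot_net)  # the separate IoT network (assumed subnet)
    report = {}
    for dev in inventory:
        findings = []
        on_iot_net = ip_address(dev["ip"]) in net
        if dev["kind"] == "iot":
            last = dev["last_update"]
            # An unknown update date is treated as stale: it cannot be verified.
            if last is None or (today - last).days > max_age_days:
                findings.append("stale-firmware")
            if not dev["supported"]:
                findings.append("end-of-support")
            if not on_iot_net:
                findings.append("not-isolated")
        elif on_iot_net:
            # A phone or PC on the IoT segment defeats the separation.
            findings.append("personal-device-on-iot-net")
        if findings:
            report[dev["name"]] = findings
    return report

if __name__ == "__main__":
    results = audit(INVENTORY, "192.168.50.0/24", date(2026, 1, 15))
    for name, findings in results.items():
        print(f"{name}: {', '.join(findings)}")
```

Devices that come back with `end-of-support` are the candidates for the "do I actually need this?" question; `not-isolated` ones are the candidates for moving to the separate network.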

And lastly, I found another short video about hacking IoT from IBM that provides some great security tips at the end.


Securing Your IoT Devices

So yes, IoT is convenient. It is cool. It is everywhere.
But it is also something we should approach with a little healthy skepticism, and maybe not give full internet access to every object in our house just because it has a touchscreen.

Additional Sources

Science News Today – What Is the Internet of Things
https://www.sciencenewstoday.org/what-is-the-internet-of-things-iot-a-complete-guide-to-iot-technology-and-its-applications

IBM – Internet of Things
https://www.ibm.com/think/topics/internet-of-things

Top comments (1)

Hope Clarke

Smart Hamster Feeder

Smart Towel Warmer

My favorite ridiculous smart devices :D