The Internet of Things (IoT) remains a glass house when it comes to privacy, as evidenced by this recent headline: “MAN ACCIDENTALLY GAINED CONTROL OF 7,000 ROBOT VACUUMS IN 24 COUNTRIES WHEN HE TRIED TO GET CREATIVE.” Sammy Azdoufal just wanted to see if he could control his fancy new China-made DJI Romo vacuum cleaner with his PlayStation 5 controller (because, why not?). With the help of some AI coding tools, he not only succeeded, but soon found himself in charge of every currently connected DJI vacuum around the world, with access to camera feeds, microphones, floorplan maps, and more. Because of the available Internet Protocol addresses associated with each device’s connection, he also had the ability to determine their approximate location.

Now imagine what a burglary syndicate could do with that information. Or, for that matter, Chinese intelligence, which under Chinese law has rights to all the data collected by Chinese companies. The ability to vacuum up the personal information of people around the world is a big lesson in consumer privacy.

It also portrays the Wild West that IoT has become, which Live Media News summed up nicely: “It seems like the smart-home sector is constantly urging us to embrace the ‘trust us’ design principle. Convenience is always the selling point: let the thermostat anticipate your routine, let the doorbell recognize a face, and let the vacuum clean while you’re away. However, in reality, convenience typically translates to ‘cloud.’ Furthermore, cloud frequently implies that someone, somewhere, created a permissions system that must be flawless every day, forever, across all updates, regions, and hurried sprints. Even for businesses that prioritize security, that’s a high standard. Many don’t.”

Which should give us all pause as we consider whether we really need connected refrigerators, doorbells, coffee makers, vacuum cleaners, sex toys, and more.
Our personal privacy seems a terrible thing to wager in the name of a little more convenience. Azdoufal just happened to do the right thing by reporting a vulnerability that he didn’t have to publicize (and one that he wasn’t deliberately looking for in the first place). In other words, we got lucky this time.