I was on vacation in February when an alert came over my phone. Someone had authorized $50 onto my Starbucks card. Then another alert immediately after: Another $25 was added without my authorization. Soon thereafter, persons unknown used the card in Las Vegas to buy “merchandise,” which the nice lady at Starbucks HQ said was probably more Starbucks cards. This was before I could even change my admittedly weak password or close my account, which I did, but the damage was done.
This isn’t the first time this has happened. Years ago someone hacked my husband’s debit card and charged $800 at a WalMart in Chicago. After the card was “closed” by the bank, another $100 in gas was charged on the now closed card. It was maddening.
While these types of hacks have been around a long time, with the advent of the Internet of Things (IoT) security breaches are poised to get worse, and it will be all our fault. In an article for Lifehacker, titled, “We’ve Brought These Stupid ‘Internet of Things’ Hacks Upon Ourselves,” Thorin Klosowski writes that the problems inherent in the drive to connect everything to the internet will be exacerbated by the poor security of these devices. It’s already happening.
“A few different security scenarios are at work here. Hacking into your IoT devices to get into your network, hacking into your devices to create a botnet, and spying on you,” said Klosowski. While it may seem a remote possibility that someone is sitting outside your house hacking into your IoT lightbulbs to get your network information, in October 2016 a hack of IoT devices shut down a large part of the internet, he writes.
As consumers we should insist on not only better security on all of our devices, but we have to practice due diligence by changing passwords and factory defaults. Indeed, the premise of the above-mentioned article is that we don’t take it seriously and we don’t insist the industry takes it seriously.
I, like many others, enjoy the convenience of waving my phone at point of sale terminals. And although I don’t have smart lightbulbs, I do have a smart TV that may or may not be spying on me. To combat such attacks I propose a new tradition of changing WiFi passwords and logins when the time changes twice each year to stave off an IoT hack and I am going to use cash more often to stave off identity hackers. Be careful out there.