Are you absolutely certain that your toaster isn’t mining bitcoin? Will your very expensive smart TV one day suddenly become a dumb TV? And might your wifi-enabled birdfeeder be feeding back more than just pictures of birds?
For every person in Britain, there are an estimated dozen or more internet-connected devices, from smart speakers to fridges. But soon some of us will have one fewer after Google withdrew support for its Nest smart thermostats.
Experts said that the devices going offline were a reminder not only that they were not really “owned” by us in the conventional sense but also that, as they got old and lost security support, many could be potential security threats.
Google, which bought Nest Labs in 2014, announced its first and second generation Nest thermostats would lose software support from October
JOAN CROS/NURPHOTO/ALAMY
Andrew Laughlin, from Which?, said that Google’s announcement was merely the latest for early adopters who were “suddenly having the rug pulled out from under their feet”.
“This is a pattern that we are seeing time and again as companies drop support for their smart products, sometimes after as little as two years,” he said.
Laughlin added that equally concerning were zombie products that kept working but did so unsupported, leaving them “vulnerable to having their data hacked or compromised”.
The “internet of things” revolution began in the early 2010s, as devices across the home started to be connected to the internet. While the advance was never quite as revolutionary as advocates had hoped, the profusion of standards in technology and software could now be leaving people vulnerable.
“In some ways it might not matter that your toaster doesn’t get updated,” Alan Woodward, professor of cybersecurity at the University of Surrey, said. “But actually if it’s on your network and somebody discovers a vulnerability, that vulnerability is never going to be fixed.
“If it remains connected and it’s just kind of ignored, then it can be a stepping stone.”
• Police can’t stop cybercrime, so here are some real solutions
As early as 2014 there were cases of hundreds of thousands of internet-of-things devices being hijacked and used to send malicious emails.
More recently, set-top boxes and smart TVs have been taken over by hackers for mining cryptocurrency — and saving on power and processing costs.
Many smart TVs record households’ user data, even when external devices such as laptops are plugged in
SUPERB IMAGES/GETTY IMAGES
Last year, the National Cyber Security Centre issued a warning that 260,000 devices around the world, including webcams, had been hijacked by a company with links to the Chinese government.
From October users of early Google Nest devices, from 2011 and 2012, will no longer be able to connect to them remotely. While this is annoying for consumers, it is less risky than allowing potentially vulnerable technology to continue running.
• Embedded Chinese tech ‘could freeze cars and traffic lights’
The wider problem is that neither consumers nor producers treat them as the security risks that they are, said Evgeny Goncharov of the cybersecurity company Kaspersky.
“I cannot recall a single case when we researched a consumer device and did not find any critical vulnerabilities,” he said.
Vulnerabilities ranged from crypto mining to becoming part of a “botnet” sending malicious emails, to having webcams hijacked to spy on you. Or it may simply be that an unprotected fridge, say, is a route in to everything else.
“When having access to one device you have an ability to connect to the server and then to communicate with your other devices, and sometimes take control over them. The problems are many,” Goncharov said.
