How to Keep Your Fridge From Exposing Your Data

— -- In 2015, somewhere in the neighborhood of 1 billion Internet of Things (IoT) devices will be purchased, an increase of 60 percent over the previous year. There will be 10 billion IoT devices connected to the Internet this year.

A couple of years ago, a survey found that three out of four Americans had no clue that there was such an animal, and many likely still don’t know (until you tell them their new smart TV or fitness band counts). Since the IoT is only going to get bigger, it’s best to get a handle on what it means for you.

The IoT can be any product or appliance equipped with a chip for storing data and web connectivity. The point is two-fold: service and data collection. Whether we’re talking about a car or a dishwasher, manufacturers can identify this or that “thing” by a unique code, then send it information over the Internet, including commands and software updates; conversely, they can also receive communications from it. Many of the devices that fall under the IoT heading have web- and app-based interfaces that allow end users to control them from wherever they may be, whether it is a security camera, a front door or a clothes dryer.

Frequently, these souped-up appliances are marketed as “smart devices,” and they have a variety of benefits. A smart coffee machine can make your coffee at 7:30 every morning, or smart tech can warm up your car whenever the temperature is below freezing. It can open the doors at your business and turn on the lights. The possibilities are endless, and excruciatingly cool. But the downside, of course, is the security risk. Because this data is moving around on devices that are not universally protected, in an environment where there is no established security standard, we have no way of assessing the level of risk.

Most IoT products are often woefully underprotected (or not protected at all), and that opens the door to hacking. From the criminal’s perspective, the IoT is, simply, an opportunity — a bunch of holes in the fence of your information security. It expands your "attackable" surface. Computer manufacturers and software companies devote attention and resources to providing security, but appliance makers have little understanding of the field. It is only a matter of time before the hackers start digging into their programs.

In fact, the first proven large-scale hack of IoT devices occurred in December 2013 and the first week of 2014, according to the security company Proofpoint, based in Sunnyvale, Calif. According to Proofpoint’s press release detailed the marshaling of conventional household smart, or IoT, appliances, “the global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”