October 2017 Discover

October 2017^ DISCOVER^55

JULIAN BERMAN

factory-set passwords. Such an attack

would still probably be successful

today, he says. People won’t get

serious about security — updating

firmware, disabling unwanted features

and unplugging devices when not

in use, for instance — until tragedy

strikes, “when we see an incident of

someone getting hurt or killed with

a connected device.”

People don’t know

how close they come,

on a daily basis, to a

potentially devastating

hack.

That’s why white hats

continue to look for

flaws and point them

out to make things better. Margulies

ultimately received a letter back from

the garage opener manufacturer, which

said it would look into how best to

address the security issues. White

hats’ work can only go so far; it’s up

to consumers to demand security, and

to developers to take it seriously.

Harrington says developers need

to identify potential hacks and

threats early in the design process,

especially for IoT objects, and build

in protections to the finished product.

In addition to better protecting people,

this approach will cost companies

less money in the end. This isn’t an

issue of complexity, he says; it’s an

issue of priorities: “It’s not very

difficult at all for a manufacturer to

adequately build security in.” Even

though experts disagree on the best

way to build in security, designers

could start simply by requiring users

to change passwords during setup,

collecting less personal data, or even

allowing consumers to opt out of

data collection.

It’s no secret today’s smart devices

aren’t smart on security. Harrington

compares the devices to cars: “Volvo

has an amazing reputation as being

safe. Someone who cares about safety

is willing to pay a premium to buy a

Volvo,” he says. “Today, in the IoT, you

don’t have a choice to buy the Volvo

version of a safe product. All you can

buy are the ones with shitty airbags.”^ D

Stephen Ornes is a science writer in Nashville,

Tenn. He changes his passwords regularly and

embraces two-factor authentication.

PROTECT

YOURSELF

Cyberattacks succeed

when people

don’t take basic

precautions. Here

are five ways you

can protect your

digital self.

1. SET THAT PASSWORD
   YOURSELF! Smart devices
   come with a default
   password; change it as soon
   as you can. Hackers know
   that most people don’t, which
   means they can easily break
   in. For your other gadgets: If
   it has a password, change it.
   This goes for devices, routers,
   email accounts and phones.


2. COVER YOUR WEBCAM.
   Cameras are easy to hack,
   but there’s an easy fix: Cover
   the lens with a piece of
   tape. Then even if you get
   hacked, they won’t be able
   to see anything. Last fall,
   former FBI Director James
   Comey reported that he does
   it, as do other government
   employees.


3. USE TWO-FACTOR
   AUTHENTICATION IF
   POSSIBLE. Many apps
   now offer this extra layer
   of security, which requires
   some kind of additional check
   that you are who you say
   you are. Examples include
   texting a code to a secure
   phone number in addition
   to a standard password, or
   requiring a physical ATM
   card and PIN.


4. BACK UP YOUR FILES.
   If you do get struck by
   ransomware, experts advise
   against paying the attackers,
   who might not ever help.
   Instead, regularly back up
   your data and files on an
   external, offline hard drive.


5. KEEP UP WITH
   SOFTWARE SECURITY
   UPDATES. The global
   cyberattack in May exploited
   a vulnerability in Microsoft
   Windows — but a patch had
   been available since March.
   Machines with the patch
   How safe is your digital home? Tell us were impervious.
   at DiscoverMagazine.com/IoT

WHITE HATS’ WORK CAN ONLY GO

SO FAR; IT’S UP TO CONSUMERS

TO DEMAND SECURITY, AND TO

DEVELOPERS TO TAKE IT SERIOUSLY.

Samy Kamkar hosts a popular YouTube show where he hacks into all kinds of devices, from

locked computers to combination locks. He does it out of curiosity, not malice.