Regular readers of this column will know I’ve been excited about the internet of things for some time. It’s a buzzword that describes the movement, currently in full swing, to connect common household objects and appliances like door locks, security cameras, and light bulbs to the web, allowing us to monitor and control them remotely.
After all, what could possibly go wrong in a world where you can peep inside your fridge from the office to check if you need milk, switch on the home aircon from your phone as you leave work, and keep track of your kids and their babysitter while out on date night?
Unfortunately, the same tech that gives you such easy remote access to your home can also be a boon for criminals and creepy stalker types.
Take Shodan, a site that bills itself as “the search engine for webcams”. Tech website Ars Technica recently ran an article that revealed a shocking truth – millions of webcams around the world are unsecured and vulnerable to prying eyes.
Shodan automatically finds these webcams, periodically snaps a pic from each of them and posts them online. The results range from the humdrum – empty backyards and car parks – to the more concerning – people on the loo and sleeping babies.
Privacy advocates have been quick to accuse Shodan of enabling voyeurs and, potentially, criminals. Its defenders argue that it is simply revealing weaknesses that are already out there.
In my view, the real culprits are the companies that make webcams and other devices with shoddy security including predictable default user names and passwords or, worse, no passwords at all – hands up if the user name and password on your internet router is still “admin” and “admin”?
Regulation may be one answer, but I wouldn’t hold my breath for anything to happen on this front in South Africa anytime soon. Here, the powers that be seem to be more interested in protecting cellular giants against competition from cheap messaging services like WhatsApp.
A better solution is self-regulation. The Guardian’s tech journalist, Alex Hern, wrote about one such grassroots initiative called I Am The Cavalry.
This collective of cyber-security volunteers is focusing its attention on getting makers of web-connected medical devices to subscribe to a “Hippocratic oath” for gadgets, one that includes a commitment to “prompt, agile and secure updates”.
“Similar oaths may one day be advertised on the packaging of other internet of things devices, allowing customers to be sure that they’re purchasing from a provider that takes security seriously,” writes Hern.
I’d love to see that happen. But what do you do in the meantime?
If you’re in the market for an internet-connected camera device, do you homework and check how good its security is before you buy.
If you’ve already got one, change the default user name and password. Failing that, a low-tech stopgap solution is to slap a strip of opaque tape over the camera when you want a bit of privacy.
Follow Alan Cooper on Twitter @alanqcooper