My phone is at rest on my desk, charging. I’ve enabled the new “Hey Siri” feature, which was part of the iOS 8 update. Now, the famous concierge feature that offers the world at the touch of a button is always-already on, listening (as long as it is plugged in). Somehow I’m feeling a bit less safe.
“Hey Siri,” I say, and my phone blinks awake. “You’re creeping me out.”
“After all I’ve done for you?” she replies.
Aptly put, Siri. Our gadgets, apps and wired devices make life a lot easier, connecting the work office to the home office and making seamless innumerable tasks and functionalities that used to require a warm body. The more information our apps and other wired goods gather about us, the more effectively they can guess what we will want or need next.
While a smartphone is light years beyond the many other devices usually considered part of the Internet of Things, our increasingly wired brave new world comes to mind as capabilities expand on multiple fronts. Hewlett-Packard reported earlier this year that nearly three quarters of the products in “The-Internet-of” category are vulnerable.
While Apple doesn’t have a past riddled with breaches, the larger the zone of possibility, the greater the concern should be. With all new things there are wrinkles, and they’re often ironed out after introduction and distribution. In simpler times, that resulted in product recalls and similar inconveniences. Now there is no recall. There’s a software patch. But before the flaw is detected and the update goes out, an army of hackers can mine those glitches for the golden workaround, intent on breaching the best-laid schemes of today’s security pros and grabbing both the glory of cracking the code, and the gold at the end of that cyber-rainbow.
“While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface,” HP’s Mike Armistead said in the report.
It’s Convenient…and Potentially Dangerous
If we’ve learned anything these past years, it should be that just about anything involving programing and code can be infiltrated, corrupted and hijacked. It’s maddening to return from that Florida vacation to burst pipes because someone you may or may not know hacked the heating system in your house, and it’s terrifying to find nude pictures of yourself online. But that’s really nothing compared to the realization that someone’s wormed their way through your new phone or a network-connected kitchen appliance to your personally identifiable information and committed fraud in your name. Bottom-line: The impossible has now become the possible — and perhaps the inevitable.
The current state of cybersecurity emergency that we find ourselves in should make you at least wonder if your phone, all duded up with its highly evolved operating system and standby listening function, might just allow a third party to eavesdrop on you, and with no indication that it is doing so. That’s precisely the sort of thing hackers try to figure out.
The take-away, if there is one, is that while the iOS 8 upgrade represents a giant leap forward with regard to what you can do with your smartphone, it also expands your “attackable surface.”
Know Your Features and Vulnerabilities
There are a few other features on iOS 8 that fall under the rubric of smart things that expand your attackable surface.
iOS 8 now makes it possible for you to share your location in Messages by simply flicking on the “Send My Current Location” feature. The problem: A phisher sends you a text, and you reply, “Who’s this?” The recipient is a burglar who now knows where you are—let’s say 5 miles from home. The other more mundane issue here is the data you’re giving away—does Apple really need to know your daily schedule better than you do? And what if Apple gets breached?
Another location services feature enhancement in iOS 8 appears on the lock screen of your phone, which now features small icons when you are near a place that Apple thinks you will want to know about. That’s pretty cool, if you feel Apple really “gets” you, but if you’re not sure Cook’s commandos are your soul mates, the feature is: 1.) annoying 2.) creepy 3.) bad for your budget or 4.) all of the above. And once again, should Apple ever suffer a data compromise there will be a whole lot of mineable information about you “out there.”
As our devices give us ever more potentiality, we must grok the fact that cybercrime is evolving at the speed of light and increasing geometrically. Every scintilla of our personal narrative that we knowingly or unwittingly swap for convenience, pleasure and the “newest, coolest thing” can lead us into an unadulterated nightmare if it falls into the wrong hands. The personal information that we trade for the whiz-bang of the latest killer app—used for marketing campaigns and sales projections—should be a buzz kill. When we use our information to get things, more than ever, it’s important to remember: We’ve become the product and unfortunately, more often than we’d like to admit, the guy who’s making the purchase isn’t our friend.