It was my very great pleasure to talk about hacking and the impending security disaster that is the Internet of Things (IoT) on ABC TV’s Lateline last night — and don’t I look concerned.
Also joining the program was security researcher Runa Sandvik, who got plenty of media recently for hacking a smart sniper rifle.
I won’t go into too many details here, because you can see the video and transcript at the Lateline website. For the next month or so, you can also watch it in HD on iView.
However, this exchange surprised me:
STILGHERRIAN: … Scarier though is what’s happening with smart TVs. There are millions of those around the world. They’re networked, so you can watch clips from YouTube or whatever on them or Netflix or any of the streaming services, and yet I’ve seen a young hacker from South Korea not only hack a smart TV, hack it in 10 different ways and set it up so that the camera and microphone in the TV are streaming live video and sound out to the internet while the television looks like it’s turned off. These are televisions that are being installed over the last few years and more in the future in hotel bedrooms, classrooms, corporate boardrooms. So they’re kind of like an always-on surveillance device.
JOHN BARRON: I guess, Runa, the question then occurs: well, who would want to do this? Who would want to hack into somebody’s TV set in suburban Australia or the United States? The answer would probably be: well, nobody. But why would somebody want to do this?
RUNA SANDVIK: There’s a mix. There’s definitely people that are doing this for sort of evil purposes, if you will, or to make money, and there are people that do it just because they can, because it’s there, it’s a possibility, it’s not as secure as it should be and they do it just to show that they can.
Personally, I’d have thought that the security risks of peering into people’s homes would have been obvious, but the questions moved on before I could point out the attraction to both pilferers and perverts.
Anyway, you can also read my thoughts on this in my December 2014 column, All aboard the internet of things infosec hype train, and its January 2014 predecessor, Our hackers, who art in open source, deliver us from refrigerators.