Yes, it's that time of the year again. Time for global electronics vendors and eager enthusiasts from far and wide to converge at the world's largest annual consumer electronics/technology tradeshow. CES 2016 is in full swing, and IoT innovations have unsurprisingly taken center stage once again. Of course, who can forget the debut of Samsung "Smart" Fridge at last year's show, followed by the publicized hacking of the device soon thereafter. Judging by this year's exhibitor turnout, consumers can expect to see more hacked IoT devices making headlines in 2016. The following are the top 7 hackable IoT devices to watch out for at CES this year.
1. Single Passenger Drones
Last year, various media outlets—most notably Wired at DefCon 2015—had a field day demonstrating just how easy it is to hack a drone. And while intercepted Amazon Prime Air packages are a bummer, the stakes are certainly much higher when dealing with human cargo. The EHang 184 makes its debut at CES 2016 as the world's first consumer-grade single passenger drone; fortunately, the device (aircraft) won't be available at Best Buy anytime soon, but if/when it does become available to the general public, caveat emptor.
The EHang 184. Source: ehang.com.
2. Baby Monitors
So-called "Baby Tech" devices are all the rage right now, and the CES vendor turnout this year certainly reflects this trend. Smart baby monitors in particular are in full force on the exhibitor floor: First Alert's OneLink, Owlet Smart Sock, and Sproutling Baby Monitor, to name a few.
The Sproutling baby monitor. Source: Sproutling.com.
Despite being arguably one of the more compelling IoT use cases, connected baby monitors receive a failing grade when it comes to security. Ars Technica reviewed the security postures of the leading connected baby monitors on the market, and concluded that 9 out of 9 devices possessed critical, highly exploitable vulnerabilities.
3. Kitchen Appliances
This year at CES 2016, century-old home appliance manufacturer Whirlpool exhibits its take on the smart kitchen. Featuring integrations with Nest and Amazon Dash Replenishment, the Smart French Door Refrigerator can be controlled via the Whirlpool mobile app.
The Whirlpool Smart Refrigerator. Source: BBC.com.
As mentioned previously, Samsung's Smart Refrigerator made headlines last year when a team of hackers exploited critical vulnerabilities in the appliance, exposing Gmail account credentials.
4. Stuffed Animals
Though not a connected doll, per se, this app-controlled device by French manufacturer Oliba will effectively turn any stuffed companion into an app-enabled smart toy.
The Oliba device. Source: Oliba.fr.
The device enables your Teddy bear to be tracked and located if lost, and will also soothe your child to sleep with a story or song. Let's hope that the Oliba is not as vulnerable as the Hello Barbie Doll.
5. Smart Minivans
Critically maligned auto manufacturer VW introduced its BUDD-e smart electric minivan at CES 2016, setting the stage for future VW electric vehicles and modular production platforms. The BUDD-e can respond to verbal commands or gestures, as well as communicate with your connected home devices.
The VW BUDD-e. Source: cnet.com.
Hackers were exploiting automobile vulnerabilities in 2015 like it was going out of style, and—in Fiat Chrysler's case, prompted a 1.4 million unit recall after the infamous Jeep hack. Tesla's Model S was also shown to be hackable at last year's Defcon 23.
6. Heart-Related Medical Devices
Keeping tabs on the 'ol ticker has never been easier, especially with Omron's wearable device for monitoring blood pressure, sans inflatable cuff. The device—called Project Zero—was one of many health monitoring devices making its debut at CES 2016.
The Omron Project Zero. Source: prnewswire.com.
Last year, hackers killed a simulated human by compromising and turning off its pacemaker. Of course, monitoring bodily functions is one thing—controlling them is another. But the app-controlled Omron reads and saves personal blood pressure data to the device, which could be a privacy concern if said data is compromised.
7. Smart Lightbulbs
Sakar International—under its photographic and optical equipment manufacturing brand Vivitar—introduced its new app-controllable smart bulb at CES 2016. The device also doubles as a Bluetooth speaker
Vivitar's 2-in-1 LED Bluetooth Speaker Light Bulb. Source: BBC.com
Connected light bulbs have been the focus of many a security concern as of late. For example, security researchers demonstrated recently how LIFX smart bulb vulnerabilities can be exploited to steal wifi network usernames and passwords.
Disconcerting, to say the least—but don't write off those IoT connected kicks from your wish list just yet. Vendors are ramping up their security efforts in anticipation of continuing rising demand for such devices. For example, Panasonic, Samsung, and AT&T have all dedicated significant resources to bolstering the security of their IoT offerings, while companies like Dojo-labs focus specifically on providing IoT security solutions to combat malware, viruses, and cyber attacks. And of course, UpGuard's platform for continuous security can validate that all your connected IoT devices are configured correctly and free from vulnerabilities.
So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?