It was reported this week that Qadium, a “global Internet sensing” company run by a former CIA analyst and consultant for the Defense Advanced Research Projects Agency (DARPA), has raised an additional $20 million in funding, after previously receiving more than $10 million in Department of Defense contracts.
The company, which is billing its Expander software as the Google Street View of the “Internet of Things” (IoT), openly states that it “hails from the defense community,” but CEO Tim Junio, formerly of DARPA and the CIA, says there are tight controls on the company’s work.
“All of Qadium’s government work is defensive in nature,” said Junio, according to a press release. “We have very strict protocols in place to ensure that we never participate in offensive cyber warfare by any government, including the U.S.”
The Internet of Things refers, basically, to the increasing tendency of all kinds of things, ranging from household appliances to components of machines, to be connected to the Internet and interconnected with each other. Think microwaves that collect metadata and televisions that watch the audience. While the phrase has become popular, the full scope of what it may eventually encompass is not yet entirely clear.
In April, the National Telecommunications and Information Administration solicited public comments about the potential government role in regulating the Internet of Things, receiving more than 130 papers. Between those focused on risks and those focused on benefits, one thing about the IoT appears increasingly undisputed.
“It will be huge,” writes Patrick Thibodeau of ComputerWorld, “in both good and bad ways.”
Among the comments submitted was a staff report from the Federal Trade Commission’s Bureau of Consumer Protection and Office of Policy Planning. The FTC report found both pros and cons and was somewhat inconclusive. “Staff believes that IoT-specific privacy and data security legislation would be premature at this time,” it states.
In pointing out potential IoT advantages, FTC staff write that “in the area of connected health, consumer-facing products such as insulin pumps and blood-pressure cuffs can enable people to record, track, and monitor their own vital signs, without having to go to a doctor’s office.”
The report’s authors note, though, that potential IoT benefits can simultaneously pose threats. “For example, vulnerabilities in an IoT insulin pump or pacemaker can result in significant injury or even death to a consumer;” the report states, “an attack on a vulnerable connected car can lead to engine failure or a loss of control; and an insecure IoT alarm system can open up a home to danger.”
Indeed, while privacy risks are also discussed in the FTC report, the potential risk to human life posed by the Internet of Things is increasingly a matter of discussion. Data security concerns also go beyond the threat of rogue hackers to include the potential for government overreach.
Earlier this year, James Clapper, U.S. director of national intelligence, testified that the Internet of Things could be used “for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
Additionally, the Federal Bureau of Investigation reportedly has the capability to hack webcams. So if you think you’re paranoid for covering yours up with a sticker, at least you’re in good company. “I put a piece of tape over the camera,” FBI Director James Comey reportedly said earlier this year, “because I saw somebody smarter than I am had a piece of tape over their camera.”
Rising paranoia over webcams – just one of the more obvious examples of a built-in technological component that could be hijacked for covert monitoring – is even driving a budding industry. Companies are reportedly selling webcam covers and stickers of various kinds. Most people, of course, are also resourceful enough to find a free sticker or opaque piece of tape.
Indeed, it is becoming clear that the Internet of Things can be a source of vulnerabilities, and some organizations will no doubt be willing to pay top dollar to protect themselves. Qadium’s Expander, for example, reportedly costs $1 million per year.
That may seem a hefty price, but some are apparently willing to pay for access to software that “lets organizations see their entire connected system, like a search engine for IoT, and also provides analysis of the networks, warning customers of hackable machines, broken firewalls, and other issues that need to be addressed.”
So far, Qadium has reportedly found its client base primarily in government agencies “including the U.S. Cyber Command and the U.S. Navy, but it does have private customers, including one large bank based in New York.”
As with webcam stickers, however, privacy-minded Internet of Things users who don’t have access to the U.S. national security budget have some less expensive options. U.K.-based firm BullGuard announced today that it has launched a new free IoT scanner that appears to do many of the same things as Qadium’s software.
“BullGuard’s IoT Scanner uses data from Shodan.io, the first search engine for internet connected devices, to scan for vulnerable smart devices and presents results in a straightforward way that anyone can understand,” according to a press release. “This includes security cameras, baby monitors, Smart TVs and wearables that may be visible to hackers. If accessible devices are found, they are flagged along with details of potential vulnerabilities.”
Former spooks and government hackers may be hard at work selling overpriced spy technology to other divisions of the government, but they’re not the only ones waking up to the threats and opportunities posed by the Internet of Things. Just as demand for these technologies has spread through government bureaucracies obsessed with maintaining a technological edge, so it can be expected to spread among ordinary people looking to protect themselves from those same agencies and their increasingly invasive methods.