US intelligence director: IoT can be used to spy, recruit

U.S. Director of National Intelligence James Clapper has testified to the Senate that Internet of Things devices could be used by unspecified intelligence agencies to perform a variety of snooping activities, including things like tracking, surveillance, and even finding targets to recruit. No single intelligence agency was named, though it no doubt refers to any and all of them, something far from surprising in light of the Snowden revelations.

Internet of Things (IoT) devices are common household elements that include a level of intelligence and connectivity, the ability to monitor conditions or data and integrate into a home's larger network of devices. A connected baby monitor that allows parents to monitor their child remotely is one example, as are things like Samsung's newly introduced smart fridge.

Concerns about IoT security have been increasing, however; it's not hard to find caches of unsecured or improperly configured webcam feeds online, for example.

The FTC has long been pushing manufacturers toward increased security. In 2015, for example, the agency warned manufacturers that user security needs to be a top priority, and that failure to keep data secure could have big ramifications, including the loss of consumer trust. The fallout could be much larger, though, as governments around the world use such insecure devices to spy on people across the globe.

Clapper recently commented on this as part of his testimony on the U.S. and things that could pose threats to it. In his testimony, Clapper said in part:

In the future, intelligence services might use the [IoT] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.

He also warned about the US' need to increase its cyber prowess, stating, "Russia and China continue to have the most sophisticated cyber programs."

News of the testimony coincides with the White House's planned announcement of its first chief information security officer, something the federal government has long been lacking. The appointment, in all likelihood, has been spurred by the number of serious hacks various US government agencies have suffered, the most recent of which took place yesterday.

Last summer, US officials revealed that the Office of Personnel Management had been hacked and information on millions of federal employees were compromised. More recently, hackers have published contact details on thousands of FBI and Homeland Security staff members.

SOURCE: The Guardian