Internet of things will lead to 'malware on your personal life', warns AVG's CTO

Large enterprises' BYOD policies could have negative consequences, says Yuval Ben-Itzhak

The ‘Internet of Things' phenomenon based on consumers using a number of smart devices that are connected to the web, will result in a situation where people may feel like they have "malware on their lives and on their personal data", according to AVG Technologies CTO, Yuval Ben-Itzhak.

In an interview with Computing, Ben-Itzhak said that as devices are becoming increasingly interconnected and hooked up to the web, criminals will be looking at how to exploit the data that is available to them.

Earlier this month, Proofpoint claimed that the first evidence of an internet-of-things cyber attack has been discovered. It said that the attack involved the use of botnets to send more than 750,000 malicious phishing and spam emails from domestic appliances as part of a wider campaign.

And Ben-Itzhak said that as new items such as smart fridges, smoke detectors, washing machines and health monitoring devices become mainstream, people should be wary as their data may be of interest to criminal gangs who could try to work out when you're likely to be in the house or not - and to health insurance firms who could pay to know exactly what your health is like.

But while these new devices pose a security risk, Ben-Itzhak said that it is the right time for these devices to come onto the market, as they are able to get the support to be truly ‘smart'.

"The idea of smart homes has been around for 20 years, but now is the right time to make it happen because we have smartphones, Wi-Fi and cellular networks... before people thought of a smart home as being able to dim the lights with a remote, or for the garage door to automatically open when the car reaches the drive way," he said.

He added that the phenomenon was likely to continue at Mobile World Congress (MWC) after many of the products launched at the Consumer Electronics Show (CES) led the way to a "new smart home reality". He said companies, such as Google, which acquired smart appliances firm Nest Labs this month, are now taking the smart home seriously.

But it isn't just technology firms that are embracing the idea of a smart home or life - car manufacturers such as BMW, Audi and Renault have shown a keen interest too, said Ben-Itzhak.

"Connected cars in which you can stream music through the cloud is something we've heard about, but there is an idea for parents to perhaps give their kids the car when they go to a bar and be able to measure what their alcohol level is after going out. Then, the parent has the option of stopping the car or calling their kids," he said.

"These cars are getting exciting and smarter, using data outside of the car inside, and vice versa. The new reality is aimed at making life easier and more enjoyable, and [AVG] is looking at how we can manage it and control it, and what the risks are going to be," he added.

[Turn to next page]

Internet of things will lead to 'malware on your personal life', warns AVG's CTO

Large enterprises' BYOD policies could have negative consequences, says Yuval Ben-Itzhak

How will this affect the enterprise?

AVG's CTO believes that enterprises face a big challenge in ensuring that their employees' devices are safe to use in the workplace.

He said that smart devices, particularly wearables and smartphones, will always be on employees, and envisaged two applications that a phone could be used for that companies should be wary of, particularly if hackers are able to tap into an unsuspecting employee.

"If a hacker found out a smartphone was going to be used in a government facility, for example, they could make a mic automatically turn on when the user is playing Angry Birds, and send a stream of data out to turn it into a spying device.

"Of course, the secret services would probably ban all employee devices, but for a larger enterprise that does allow employees to bring their own devices for personal or work use, this could be a problem. For example, if the hacker knew a company was going to have an earnings call and they're interested in their stock - they could turn on the mic of the CFO, and hear all of the preparation meetings before the call. You have to ask what this could mean for a public company," he said.

Ben-Itzhak gave another example of a smartphone's camera being used to capture pictures so that someone could receive a number of pictures and put together what the office looks like - perhaps aiding some form of criminal activity.

"People cannot avoid having smart devices on them, and it is giving them value so we don't want to stop it, we want to be able to manage it," he said.