IE 11 is not supported. For an optimal experience visit our site on another browser.

Why the NSA wants to protect you from your toothbrush

The rise of web-based devices represents a growing risk to national and personal security, a U.S. intelligence official warned.

Remember way back in 2017, when then-President Donald Trump adviser Kellyanne Conway appeared to suggest the Trump administration may have been spied on with microwaves?

I certainly do, if for no other reason than it put me in the undesirable position of having to partially defend her claim. There's no evidence this occurred — but yes, the capacity exists!

In fact, the topic of household and other internet-connected devices going rogue — or worse, being maliciously controlled by third parties — is a key concern for the National Security Agency. That’s the word I received from a presentation at this year’s AI Summit and IoT World, a California-based tech conference.

The conference focused heavily on the Internet of Things, or IoT, a phrase for physical objects — yes, like microwaves — that weren’t traditionally connected to the internet in the past but can be now. 

Nicole Newmeyer, the NSA’s technical director for internet of things integration, said the agency is focused on IoT because “it’s already changing the way we exist as humans and how we interact with the world.” 

You might have a few IoT devices nearby. Maybe you’re being warmed by an internet-connected heater, in a room lit by internet-connected light bulbs, in a home with internet-connected appliances, watching a smart TV while checking the time on your Apple Watch. 

Regardless, by year’s end, at least 46 billion devices around the world are expected to be connected to the internet, according to 2016 data from Juniper Research, a tech consultancy firm. For the growing number of Americans surrounding themselves with smart devices, the popularity of IoT represents a “growing attack surface for our nation’s adversaries,” Newmeyer said.

Without proper security protections, everything you’ve connected to the internet is vulnerable to web-based attacks. And I do mean everything: Newmeyer listed internet-connected toothbrushes, wireless security cameras, service animals with two-way trackers, stoplights, internet-connected military equipment and smart cities as potential targets for malicious actors. 

She said businesses have been encouraged to create devices that meet a standard known as “common criteria,” a framework of security measures put in place for IoT devices. But businesses aren’t officially required to meet that standard, and even when they have, hacks on IoT devices have continued

So look, I’m not encouraging you to go full-on Luddite here and cast your devices into the sea. I’m just saying what you’ve come to expect from me: We need to hold these tech companies accountable for keeping us safe from dangerous hacks! 

Growing up, I had strict Nickelodeon loyalties, but even I watched Disney’s “Smart House” — I know how this story goes if we aren’t careful.

CLARIFICATION (Nov. 16, 2021, 1:08 p.m. ET): An earlier version of this article mischaracterized standards available for IoT devices. Businesses are encouraged to meet a set of standards known as “common criteria,” but there is no formal certification process for it.

Related posts:

Cable news mostly mum on Paul Gosar’s violent tweet. It’s a dangerous setup.

Josh Hawley’s crusade against video games and porn is hilariously empty

A juror’s cruel joke got himself kicked off the Kyle Rittenhouse trial

Head over to The ReidOut Blog for more.