
Keeping the CIA out of your home

Maximiliane Koschyk
March 12, 2017

The "Vault 7" documents published by WikiLeaks show us how the "Internet of Things" (IoT) has great potential, yet is also susceptible to remote espionage. So how do I get the internet out of the devices?

IFA Berlin 2014 - smart home interface for a single-family house
Image: picture-alliance/dpa

The "Vault 7" leaks are the latest revelations to be published by the WikiLeaks website. The material reveals the CIA's detailed descriptions of the vulnerabilities of smartphones, computers and other electronic devices. The corresponding hacker techniques are also expounded.

Data protection and consumer protection advocates are not surprised. For a long time now, they have seen the "Internet of Things" (IoT) [the physical devices involved in the electronic connection and exchange of data. Ed.] as a potential source of danger. "We examine whether the consumer understands where the data is created, how it is interlinked and what is done with it," says Michael Schuhen from the University of Siegen in western Germany.

He and his colleagues have initiated a pilot project at the Center for Economic Education at the University of Siegen. They test consumer competence with regard to "smart" electrical appliances, and they offer tips on how to keep hackers out of private homes.

The simple answer: Just don't use them

"The simplest solution is still: I'll do without all these applications," says Schuhen. Often people do not understand everything they should keep in mind, he says. Basically, whenever data flows, it can be monitored. Schuhen says, when in doubt, play it safe. After all, if you do not have any devices with smart features, then you do not have to worry about security issues.

Household check: Which devices are connected to the internet?

Many consumers are not aware of the fact that their home appliances are already connected to the internet or what type of data they transmit. That is why it helps to get a general rundown about the IoT.

Which home appliances do I have that collect data, and if they do, what kind of data do they collect?

What purpose does the data collection serve, and who has access to it?

What is the manufacturer allowed to do with my data; for example, can it be passed on to third parties?

And most importantly:

Can I use the product without exchanging data with the manufacturer?

Anyone who is uncertain about the answers to these questions can look for answers using the search engine Shodan.io, for example. Anyone in the world can use this search engine for the IoT to find out whether a device is connected to the internet and how you can protect yourself.

Samsung refrigerator with a screen
Could even a refrigerator connected to the internet pose a danger? Image: Getty Images/A. Wong

Your password is the digital key to your home

"There are of course consumers who are torn between two choices," says security expert Schuhen. They want data security and data sovereignty and at the same time the convenience of using devices that are connected to the internet. "Then I would advise them to make sure that the data protocols are encrypted," says Schuhen.

Many digital data streams can be made safe by individually creating passwords and using other encryption methods. You usually set them up in the device's user settings section. This allows the consumer and not the device to determine the type of data that is transmitted.

Networks: Use safe connections for safe devices

If you want to protect the flow of data in your household, you should use secure internet connections. The basic requirement here is again the use of a password, but you can take another step, says Schuhen. "I build my own network that no one from outside can access." However, a great deal of work is involved. "I need my own server - the infrastructure. I have to set up the server and maintain it," says Schuhen, and this is probably not something everyone is into. "Either I am an IT specialist or it can get very expensive." Local networks have another disadvantage. "If I have to set up my own server, I can only control things locally," says Schuhen. "If I want to have control from outside, I have to set up a VPN client," he explains. With the help of a VPN (Virtual Private Network) you can then safely navigate the internet, he says.

Updates are like regular software vaccinations

No matter how well you secure your internet access, sometimes the security error lies in the operating system. Companies that want to be careful regularly check their software and update it if they discover vulnerabilities. Schuhen tells consumers, "Check to see whether the manufacturers offer updates." Products that do not offer this service are usually cheaper, but this is only an advantage when the device is purchased. "If I save money in that area, then I have the risk of others accessing my device." For example, Vault 7 documents have listed several vulnerabilities in Apple operating systems. In response to the revelations, Apple said that most of them have been fixed with software updates.

Tape over anything no one should see

It may sound paranoid, but it has almost become standard for many smartphone and laptop users: In the summer of 2016, a picture of Facebook founder Mark Zuckerberg caused a stir. In a snapshot of his office, you could see that the webcam and microphone of his laptop had been covered with tape. The fact that a leading digital company takes such precautions was seen by many as a sign that no one is really safe, no matter how well they know the internet.

Is there an app for this? Yes, so use it

The internet connection is safe and the device is safe, but what about the messages you send? There are many apps that have been designed for secure communication and offer encryption and password protection. Most of them are safe, but they are still susceptible to cyberattacks. Vault 7 documents have already revealed that hacking strategies were often geared more toward the operating system than toward the programs. This means that hackers could try to retrieve the messages before they are encrypted and sent through the apps.

Apps that don't collect data