From Yahoo (via Engadget): The New York Times recently published a reportthat revealed a disturbing trend of harassment and domestic abuse via internet-connected devices. In addition to using them to stalk and monitor their victims, abusers are also doing things like changing door-lock codes, turning lights on and off and boosting the thermostat to unbearable heat. In short, making their victims miserable.
On the surface, this seems like a relatively straightforward problem to solve: Just change your password or unplug the devices, right? Except the issue here is two-fold. Not only are the devices sometimes solely controlled by the abuser, but oftentimes making these changes will result in even worse abuse, especially if the couple is still living together. Asking these victims to stop using the devices is like telling them to just leave their abuser; these situations are usually much more complex, and the victims could be putting their lives in danger by doing either.
“It is very hard to give broadly applicable security advice to victims of domestic abuse, because every victim has to judge how much independence they have from their abuser and whether or not taking action to will cause them to back off or spur them to even more drastic action,” said Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation.
But let’s assume a scenario where there’s still some recourse. In that instance, pretty much every security expert Engadget interviewed said that the best tool one can have is an awareness of both their devices and surroundings. Everyone should know how many smart home products are in their house. If possible, they should get a unique credential and password for each household member so not one person is controlling the device. “Find out how it works, how it’s configured, how you can get into it and how they could be shut off,” said Jonathan Knudsen, a senior security strategist for Synopsys, a software and security company.
If the abusive partner has left the home and the remaining person wants to continue using the same devices — say it’s something difficult to remove like a connected doorbell or a smart thermostat — experts say they could try resetting them to factory settings.
“Make sure to hard-reset the device and update the username and password,” said Sam Levin, a community specialist for Independent Security Evaluators. At DEFCON, Levin also runs the IOT Village event, which helps researchers improve the security of smart home devices. “Another countermeasure not to be overlooked would be to replace any devices since they may have been physically tampered with in such a way that they would remain compromised even after a hard reset,” he added.
As mentioned, however, changing passwords and doing a factory reset aren’t options for everyone. There is no one-size-fits-all solution for domestic abuse.
“Women can end up looking paranoid,” said Ruth Patrick, a CEO of WomenSV, a Silicon Valley domestic violence program. This is especially the case with abuse involving the smart home because complaining about things like lights turning off and on can make someone seem crazy. To help curb this, Patrick suggests that victims work with a domestic violence advocate who’s savvy about these technologies. “Reach out to them or the police, and present yourself as a sane, competent person. Keep calm,” she said. “Get emotional support. Work with a therapist if you can.”
Additionally, Patrick advises abuse victims go as low-tech as possible. “If they have a sensitive appointment like interviewing attorneys or meeting a counselor, park several blocks away and put all the electronics in the trunk,” she said. Other tips include using a pad and paper to take notes, getting a flip phone instead of a smartphone and checking their belongings for trackers like RFID tags and Bluetooth fobs. Patrick also says they should avoid transportation like Uber or Lyft that uses an app, just in case that can be used to track them. “Even the Tesla app can be used to see where you’re going in real time.”
If they can afford it, Patrick recommends the use of a private investigator with expertise in counter-threat measures. The investigators can sweep cars and houses to make sure there are no hidden cameras or microphones, or signs of electronic tampering.
It’s unfortunate that victims have to go through such lengths to get away from constant surveillance, but this is the reality many abused people are living in. Even when tech companies run threat analysis assessments on their products, they often run tests against hackers or threat actors, not abusive exes. It’s not a topic that has come up in previous IOT Village events, according to Levin. There is research being done on the topic at the university level, but this is an issue that tech companies have mostly been silent on.
Read the rest of the story here.