You've Been Hacked! Explaining Cybersecurity to Students in an Interconnected Era

cyber2

Computer hackers, also known as cybercriminals, are infiltrating our world with ever-increasing sophistication. In October 2016, hackers disrupted service to Twitter, Netflix and other major websites. And just last month, another group compromised the online data of thousands of people and businesses — including hospitals and other emergency services.

Despite the increasing prevalence of these breaches, we still tend to disregard cybersecurity as something for someone else to worry about. But in just a few years, experts predict the so-called “Internet of Things” (IoT) will comprise 20 to 50 billion gadgets. This web of interconnected devices will reach everywhere — both in and out of school — leaving students’ and teachers’ personal data vulnerable to hackers.

It is critical that students understand both the benefits and risks of these devices — not to mention their smartphones. Educators have an important role to play in helping students understand and safely navigate an internet-connected world.

Explaining the Risks of IoT Devices

Amazon’s Echo uses smart technology to respond to the sound of a user’s voice. Google Home can easily play our favorite tunes. But how? It’s not magic. These devices — as well as internet-connected refrigerators, security cameras, baby monitors, coffee machines and more — add convenience to our lives. But kids must understand and take seriously how hackers can use these devices to access data.  

In the cyberattack last October, hackers took down a large swath of the internet by first gaining access to tens of thousands of personal devices such as video cameras and DVRs. Pieces of these devices were all made by a single company that used simple passwords like “password” or “123456789” for all of its products. Once the hackers could access one device, it was easy to access them all. 

These security vulnerabilities put the public’s privacy at risk. Recently, hackers took control of smartphones through a surprising IoT appliance — a slow cooker. That meant pictures, texts and emails were visible to the hackers and vulnerable to theft. In other instances, cybercriminals stole 2 million message recordings from an IoT teddy bear. Researchers discovered that an IoT Barbie could be turned into a spy device. Even internet-connected medical devices are theoretically at risk.

Here’s an easy way to explain IoT hacks to students:

  • A hacker accesses a device, like a webcam, through its internet connection. Devices with weak security or easy-to-guess passwords make easy targets.
  • The hacker can then infect the device with malware, a type of computer virus that takes control of a device.
  • The hacker now has a number of options. He or she can use the device to spy, infect other devices or attack a target like the servers (centralized computers that store network data) targeted in the October 2016 attack.

If a device is capable of connecting to the internet, it’s vulnerable to cyberattack. It’s important for kids to take extra care when using any IoT device that records voice or video, uses personal information, or relies on location-tracking to work.

Here are some important tips that students operating IoT devices can use to help protect themselves:

  • Research the manufacturer. Are they reputable? Have they previously been hacked? Big, established companies based in developed countries are usually the safest.
  • Read up on security features. Is the device password-protected? Can you set your own password? If so, make it a strong password that uses numbers, letters and symbols — avoid common words or phrases.
  • Regularly check for updates. Good companies will regularly update the software on their devices to protect against vulnerabilities.
  • Ask yourself — do you need it? Make sure internet-connectivity is something you really need on the device you’re using. In many cases, internet-connectivity is not necessary for the device to function properly.

 The Supercomputer in Our Pockets

Smartphones are not regularly considered part of the IoT because we tend to use their internet-connectivity actively, rather than passively. But they are undoubtedly much more powerful l— and important to protect — than our other devices. Smartphones have proliferated to the point of near ubiquity over the past 10 years. There are over 2 billion in the world today. Contained within each is often a person’s entire digital identity.

The dangers of unsupervised web surfing are well known. We teach children not to talk to strangers online, to never give away personally identifying information and to always use strong passwords. But smartphones have changed the equation. Not only do these devices provide constant access to the open web, but they put video and audio recording capabilities — not to mention GPS — on a person at all times. Privacy vulnerability is a huge concern.

A great teaching moment occurred last year with the release of Pokémon Go. Like many apps, the game connected with users’ Gmail accounts. But because of a coding error, many users unwittingly granted full access to their email accounts to the creators of the game. The company quickly fixed the error, and no data was compromised. But the incident shed light on just how easy it is to share digital information with apps.

Here are a few tips that students can use to protect their privacy while using smartphones:

  • Research apps before signing up for them. Is it from a reputable developer? Has it had security issues in the past? Use the same approach as when researching IoT devices.
  • Look over the terms of service. What information does it require? Does it track or store your data? Can the developer sell your information? All of these questions are important to consider.
  • Be careful when linking apps to your social media accounts. Giving apps access to your social media accounts makes them vulnerable to hacking. Is there a good reason for the accounts to be linked? Can you sign up without linking to a social media account?
  • Use two-factor authentication. Two-factor authentication requires authorization beyond a password when using unrecognized devices such as entering a code sent to your cellphone. As apps allow, be sure to use two-factor authentication which will make it more difficult for hackers to access the information stored in your apps.

When kids become informed about internet privacy and cybersecurity, they will not only acquire the knowledge they need to protect themselves, but also find opportunities to conduct research and academic exploration that is relevant to their lives.

Featured

  • pattern featuring interconnected lines, nodes, lock icons, and cogwheels

    Red Hat Enterprise Linux 9.5 Expands Automation, Security

    Open source solution provider Red Hat has introduced Red Hat Enterprise Linux (RHEL) 9.5, the latest version of its flagship Linux platform.

  • glowing lines connecting colorful nodes on a deep blue and black gradient background

    Juniper Launches AI-Native Networking and Security Management Platform

    Juniper Networks has introduced a new solution that integrates security and networking management under a unified cloud and artificial intelligence engine.

  • a digital lock symbol is cracked and breaking apart into dollar signs

    Ransomware Costs Schools Nearly $550,000 per Day of Downtime

    New data from cybersecurity research firm Comparitech quantifies the damage caused by ransomware attacks on educational institutions.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Garners OpenAI Support

    ChatGPT creator OpenAI is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.