Privacy and Security
You've Been Hacked! Explaining Cybersecurity to Students in an Interconnected Era
- By Jacob Batchelor
Computer hackers, also known as cybercriminals, are infiltrating our world with ever-increasing sophistication. In October 2016, hackers disrupted service to Twitter, Netflix and other major websites. And just last month, another group compromised the online data of thousands of people and businesses — including hospitals and other emergency services.
Despite the increasing prevalence of these breaches, we still tend to disregard cybersecurity as something for someone else to worry about. But in just a few years, experts predict the so-called “Internet of Things” (IoT) will comprise 20 to 50 billion gadgets. This web of interconnected devices will reach everywhere — both in and out of school — leaving students’ and teachers’ personal data vulnerable to hackers.
It is critical that students understand both the benefits and risks of these devices — not to mention their smartphones. Educators have an important role to play in helping students understand and safely navigate an internet-connected world.
Explaining the Risks of IoT Devices
Amazon’s Echo uses smart technology to respond to the sound of a user’s voice. Google Home can easily play our favorite tunes. But how? It’s not magic. These devices — as well as internet-connected refrigerators, security cameras, baby monitors, coffee machines and more — add convenience to our lives. But kids must understand and take seriously how hackers can use these devices to access data.
In the cyberattack last October, hackers took down a large swath of the internet by first gaining access to tens of thousands of personal devices such as video cameras and DVRs. Pieces of these devices were all made by a single company that used simple passwords like “password” or “123456789” for all of its products. Once the hackers could access one device, it was easy to access them all.
These security vulnerabilities put the public’s privacy at risk. Recently, hackers took control of smartphones through a surprising IoT appliance — a slow cooker. That meant pictures, texts and emails were visible to the hackers and vulnerable to theft. In other instances, cybercriminals stole 2 million message recordings from an IoT teddy bear. Researchers discovered that an IoT Barbie could be turned into a spy device. Even internet-connected medical devices are theoretically at risk.
Here’s an easy way to explain IoT hacks to students:
- A hacker accesses a device, like a webcam, through its internet connection. Devices with weak security or easy-to-guess passwords make easy targets.
- The hacker can then infect the device with malware, a type of computer virus that takes control of a device.
- The hacker now has a number of options. He or she can use the device to spy, infect other devices or attack a target like the servers (centralized computers that store network data) targeted in the October 2016 attack.
If a device is capable of connecting to the internet, it’s vulnerable to cyberattack. It’s important for kids to take extra care when using any IoT device that records voice or video, uses personal information, or relies on location-tracking to work.
Here are some important tips that students operating IoT devices can use to help protect themselves:
- Research the manufacturer. Are they reputable? Have they previously been hacked? Big, established companies based in developed countries are usually the safest.
- Read up on security features. Is the device password-protected? Can you set your own password? If so, make it a strong password that uses numbers, letters and symbols — avoid common words or phrases.
- Regularly check for updates. Good companies will regularly update the software on their devices to protect against vulnerabilities.
- Ask yourself — do you need it? Make sure internet-connectivity is something you really need on the device you’re using. In many cases, internet-connectivity is not necessary for the device to function properly.
The Supercomputer in Our Pockets
Smartphones are not regularly considered part of the IoT because we tend to use their internet-connectivity actively, rather than passively. But they are undoubtedly much more powerful l— and important to protect — than our other devices. Smartphones have proliferated to the point of near ubiquity over the past 10 years. There are over 2 billion in the world today. Contained within each is often a person’s entire digital identity.
The dangers of unsupervised web surfing are well known. We teach children not to talk to strangers online, to never give away personally identifying information and to always use strong passwords. But smartphones have changed the equation. Not only do these devices provide constant access to the open web, but they put video and audio recording capabilities — not to mention GPS — on a person at all times. Privacy vulnerability is a huge concern.
A great teaching moment occurred last year with the release of Pokémon Go. Like many apps, the game connected with users’ Gmail accounts. But because of a coding error, many users unwittingly granted full access to their email accounts to the creators of the game. The company quickly fixed the error, and no data was compromised. But the incident shed light on just how easy it is to share digital information with apps.
Here are a few tips that students can use to protect their privacy while using smartphones:
- Research apps before signing up for them. Is it from a reputable developer? Has it had security issues in the past? Use the same approach as when researching IoT devices.
- Look over the terms of service. What information does it require? Does it track or store your data? Can the developer sell your information? All of these questions are important to consider.
- Be careful when linking apps to your social media accounts. Giving apps access to your social media accounts makes them vulnerable to hacking. Is there a good reason for the accounts to be linked? Can you sign up without linking to a social media account?
- Use two-factor authentication. Two-factor authentication requires authorization beyond a password when using unrecognized devices such as entering a code sent to your cellphone. As apps allow, be sure to use two-factor authentication which will make it more difficult for hackers to access the information stored in your apps.
When kids become informed about internet privacy and cybersecurity, they will not only acquire the knowledge they need to protect themselves, but also find opportunities to conduct research and academic exploration that is relevant to their lives.
Jacob Batchelor is associate editor of Science World, a Scholastic Classroom magazine for students in grades 6 through 10 that covers today’s biggest scientific discoveries relevant to students.