Security

The NSA wants to spy on the Internet of Things

We already know the National Security Agency is all up in our data, but the agency is reportedly looking into how it can gather even more foreign intelligence information from internet-connected devices ranging from thermostats to pacemakers.
Speaking at a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said the agency is “looking at it sort of theoretically from a research point of view right now.”

The Intercept reports Ledgett was quick to point out that there are easier ways to keep track of terrorists and spies than to tap into any medical devices they might have, but did confirm that it was an area of interest.

When asked whether the entire Internet of Things — that is, everything from a kid’s WiFi enabled toy to someone’s biomedical device — would be a boon for the NSA or just a whole lot of digital noise to sift through, Ledgett replied, “Both.”

“As my job is to penetrate other people’s networks, complexity is my friend,” he continued. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”

Ledgett also explained that why the NSA was not able to help the FBI hack into iPhone belonged to the San Bernardino shooter, which was accessed by the FBI after buying an exploit from a group of hackers for a large sum of cash.

It’s because the agency had not exploited that particular model of iPhone, as the NSA has to prioritize its resources, which are not focussed on popular gadgets, rather on the bad guys’ technology of choice.


“We do not do every phone, every variation of the phone,” Ledgett said. “If we don’t have a bad guy who’s using it, we don’t do that.”

Ledgett is not the only intelligence official who sees the growing IoT devices as a possible way for global spying.

Earlier this year, the Director of National Intelligence James Clapper also said during a Senate hearing that internet-connected devices could be useful for “identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.” Clapper’s office did, however, follow up that statement with the caveat that, “information obtained from a refrigerator, a washing machine, or a child’s toy” is no substitute for access to terrorists’ actual communications.

Jay Prakash Kumar

If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with me directly on Facebook or Twitter. Jay Prakash is a founder of Professional Hacker, Technical Writer, Software Developer, Security Analyst and Technology Enthusiast with a keen eye on the Cyber-world and other technology-related developments.