Are your running shoes spying on you? Published March 1, 2017 By PATRICK S. RYAN, Col, USAF SAF CIO/A6 Five or 10 years ago, such a statement might have been appropriate for a cartoon matinee or slapstick farce, but in a new world defined by the Internet of Things, this statement isn’t just a possibility, but an actual cyber vulnerability to be aware of. Companies today are adding the word “smart” to a constellation of different products: water bottles, refrigerators, televisions, and yes, even running sneakers. In simple terms that word “smart” means computer code performing some automated function such as data collection, storage, transmittal or other task to offer the user better insight into his or her experience using that product. Those running shoes might log miles walked, calories burned or altitude climbed and then send that data over a connection of some kind, whether physical or Wi-Fi, to another smart device such as a phone, tablet or computer, which the user can use to monitor fitness. It is that interaction, where the shoes “touch” the mostly unregulated, unprotected web where the true vulnerability lies. Any code can be altered once a connection occurs. The data you expect those shoes to collect may be changed by the bad guys to collect other data instead, or host malicious code that can be carried to the actual target they want to infect. All you might have to do is walk by the ATM and your bank could now be potentially infected. We take for granted the utility of smart devices. There is no argument they make life easier, more automated, and allow us to access data we might never have had access to before. Unfortunately, that comfort and joy we experience in the ever expanding landscape of technological wonders has a very evil underside we absolutely must be aware of. We cannot assume that these devices are safe, secure, and protected. They are not. So the question that comes to mind is simply: what do we do? This is not some call to revert society back to an agrarian base. Instead, we must grow a culture aware of cybersecurity. Even the simple act of asking questions: is this device (or shoe or water bottle) connected? How? Should I disable it before I come into work every day – or even not bring it at all? Are there security patches I can load on these items? That simple pause to address what has become a part of every facet of our lives could be the difference between a massive data breach and just another day at the office. An extreme example recalls how terrorists utilized simple box cutters as weapons of war to then turn civilian aircraft into even deadlier mass destruction devices. It was the definition of asymmetric advantage by a “supposedly” inferior enemy. In an Internet of Things we have created hundreds of these tools, now weapons in waiting. Yet a simple cultural shift, a turn from blind trust to trust but verify, can blunt that advantage. The Internet of Things offers an unbelievable range of possibility to the consumer. There is truly no limit to the new ways we can utilize smart devices to enhance our lives, but with the massive increase in powerful tools comes the simple responsibility to utilize them safely. It is like the Wild West in terms of opportunity, so we must realize our role in keeping the cyber peace. Use these new technologies to their fullest, but be skeptical and vigilant that they are just as much a weapon as a tool and the enemy is always watching.