These days, it could be almost anything: a thermostat, a TV, a lightbulb, an air conditioner, or a refrigerator. But what I do know, thanks to some of the conversations I've had over the past few weeks, is just how much data they're producing, and how many people can access that data if they want to. Hint: it's a lot.
I've been speaking to people who work in a field called IoT forensics, which is essentially about snooping around these devices to find data and, ultimately, clues. Although law enforcement bodies and courts in the US don't often explicitly refer to data from IoT devices, those devices are becoming an increasingly important part of building cases. That's because, when they're present at a crime scene, they hold secrets that might be invisible to the naked eye. Secrets like when someone switched a light off, brewed a pot of coffee, or turned on a TV can be pivotal in an investigation.
Mattia Epifani is one such person. He doesn't call himself a hacker, but he is someone the police turn to when they need help investigating whether data can be extracted from an item. He's a digital forensic analyst and instructor at the SANS Institute, and he's worked with lawyers, police, and private clients around the world.
"I'm like … obsessed. Every time I see a device, I think, How could I extract data from there? I always do it on test devices or under authorization, of course," says Epifani.
Smartphones and computers are the most common sorts of devices police seize to assist an investigation, but Epifani says evidence of a crime can come from all sorts of places: "It can be a location. It can be a message. It can be a picture. It can be anything. Maybe it can also be the heart rate of a user or how many steps the user took. And all these things are basically stored on electronic devices."