Meinung
Security of Internet-Connected Hearing Aids
Security expert Constantine Grantcharov makes the case for future proofing internet-connected hearing aids.)
Aktualisiert am Jun 8, 2020
:format(webp))
Hearing aid technology has evolved tremendously in the last 20 years. I bought my first hearing aids in 1996, and the big hype back then was that they were the first digital hearing aids on the market and that they were CICs (Completely-In-Canal). It was a major milestone to not only create a hearing aid that was miniature, but also digital.
Skip forward 20 years, and we are at the cusp of the Internet-of-Things (IoT) revolution. Refrigerators, washing machines, lightbulbs, and other everyday items found in your home are now becoming “connected” – they are on the Internet and accessible from anywhere in the world. Hearing aids too are starting to breakthrough into the IoT space and the possibilities of using hearing aids as more than just a means to hear are starting to take shape.
Hearing aids like the ReSound LiNX and Starkey Halo that pair directly with your mobile phone are effectively replacing the wired earbuds or headphones you used to listen to music with. “Alright, wireless headphones!” you say, but that’s not super impressive – it’s natural extension of what a hearing aid can do.
However, imagine using your hearing aids to:
The possibilities are endless and only limited by human imagination. These ideas and applications are what are going to transform the hearing aid from a social stigma to a trendy next-generation wearable. Having a hearing aid in your ear will no longer be something you want to hide, but rather something you want to show off to your friends and family. I daresay that people with regular hearing will buy hearing-aid like devices just to access the technology that hearing aid users may one day take for granted.
Now, all of this is really great and wonderful, but we need to also address the dark side of internet-connected hearing aids. Hearing aids will need to become much more secure to survive in the world of IoT.
A statistic that I recently read and have discussed with my colleagues at length is:
70% of IoT devices on the market today are not secure.
For a market that is projected to reach billions of devices – that’s right billion with a ‘B’ – 70% is a staggeringly high number!
In recent news, IoT devices have been used to launch DDoS (Distributed Denial of Service) attacks against governments, corporations, and other entities, which take advantage of these insecure devices. These attacks are capable of flooding the internet with so many connections, that websites cannot handle the load and are knocked offline for regular users like you and I. The recent DDoS attack that took down Twitter, Spotify, PayPal, GitHub, CNN.com and the New York Times, was largely preventable, and only made possible by thousands of insecure IoT devices! Hearing aids too can fall victim to hacking attempts, and be used to mount such attacks. Just imagine your new pair of Oticon Opn’s taking down the New York Times!
Let’s get a little personal so that the dangers of insecure hearing aids are something that you would be able to relate to. I’ll illustrate these dangers with two scenarios:
These are just two examples of what can happen when security is missing or not strong enough in a product like a hearing aid. These scenarios would previously not have been possible, because the hearing aid was a closed system with no outside connection, except during fittings at the hearing clinic. But going forward that will no longer be case.
Security, unfortunately, is often not well understood and brushed aside as an expensive overhead cost to manufacturers of IoT devices – until something goes horribly wrong. For hearing aid manufacturers, my message is that they need to pay attention and start integrating security into their solutions now. Security is often ineffective or greatly diminished when it’s “bolted-on” to an existing solution or product. For maximum protection of the end user, security must be at the core of every product starting at the time of design and followed through to implementation in both hardware and software.
I want to feel safe wearing my hearing aids 16+ hours a day knowing that my conversations remain private at all times and the technology they integrate with is not spying on me or causing malicious activities as result of the connection to the Internet. As hearing aid users, we should demand that hearing aid security be treated as a fundamental right for every single hearing user, not a privilege. Just like we can choose who we let through the front door to our house, we need to be able to securely choose what we digitally allow into our connected hearing aids.
Constantine ist seit über 20 Jahren Hörgerätenutzer und arbeitet derzeit als Sr. Embedded Security Systems Engineer bei TrustPoint Innovation Technologies, Ltd. Er hat seinen B.A.Sc in Computer Engineering von der University of Toronto und verfügt über mehr als 8 Jahre Erfahrung in der Softwareentwicklung und im Design von sicherer Echtzeitkommunikation für eingebettete Systeme. Bei TrustPoint ist er Technical Lead für V2X Security Technology, trägt zu IEEE 1609.2 / SCMS-Protokollen für sichere Fahrzeug-zu-Fahrzeug-Kommunikation (V2V) und Kollisionsvermeidung bei und arbeitet an allgemeinen IoT-Sicherheitslösungen.
