The Internet of Things
There is an interesting article in this week’s New York Times: Why ‘Smart’ Objects May Be a Dumb Idea. In it, the author Zeynep Tufekci, notes that with the rapid proliferation of smart things, enough hasn’t been done to secure them from hacking. There have been several examples recently of cars being hacked to demonstrate the dangers.
Though I’ve written about the Internet of Things in the past, specifically around the Nest thermostat, I’ve been surprised to hear how many items have been getting connectivity. Some items make sense, door locks, thermostats, lamps, televisions, automobiles. Others are a little surprising, like light bulbs, refrigerators and ovens. Yet more are frightening like rifles.
The problem that they all share is how to keep them secure against hacking. At the most benign, hacking them can undermine privacy, even if it’s not clear why. Take Nest thermostats. Hacking into a Nest user’s account will show whether there is anyone at home. Whether at home or away, a fair amount of mischief is possible exercising control of the thermostat. On the other end of the spectrum, the threat of someone controlling your car is terrifying!
The general concern in the security community is that the various manufacturers are not implementing holistic security practices. Rather, they are reactively fixing discovered issues, but are not properly looking for and proactively fixing security weaknesses before they become identified by a third-party or worse, become exploitable “in the wild.” A perfect example is the auto hacking. Why has there not been a firewall between the Wi-Fi capability and the computers operating the car itself. That would be easy to do, with no loss of functionality, yet the manufacturers apparently didn’t see the need.
As a result, I’m personally slow rolling on the Internet of Things. Yes, I have a smart TV and the Nests, but I’m not running out to purchase smart door locks, nor does my TV have a camera or microphone. Though one of our cars has Wi-Fi, we don’t really need it, so I’ve disabled it for now, the risk is currently not worth the reward.
Fortunately, the car hacks that the media has been yelling about of late, were performed in laboratory conditions, which is to say that to hack the car, the researchers needed access to the vehicle at some point to be able to retrieve the data required to get remote access to the vehicle. As a result, we’ve not yet seen any incidents in the wild.
What should you do? Like everything on-line these days, you need to evaluate the value you get with smart devices and weigh that against the risks posed. As aways, do not take the enhanced capabilities at face value or worse do it because it’s cool. The good news is that we’ve not yet seen widespread hacking of appliances and other “things”. That said, its probably a matter of time before it happens.