Having everything connected to internet would be interesting if everything needed to be connected to the internet. And the vendors took security into account. Consumers Prepare For An Internet Of Very Pointless Things – Forbes (Click the image to see a larger view at the original site.)
And I don’t mean that they should take security seriously. (They should!) But they aren’t even treating security as a third or fourth level requirement. In a previous post I wrote about how a certain smart-fridge was a good way to get your Gmail password hacked. Why Do We Need a Smart Fridge? But that isn’t the end of it.
Now we have even more “smart” objects, that aren’t smarter than the hackers.
In 2014 Context Security released details about how it was able to hack into the wi-fi network of one brand of network-enabled smart bulb, and control the lights remotely. “We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password,” said Michael Jordon, Research Director at Context. “By posing as a new bulb joining the network we were able to get that information,” he added.
If you are passing information about userid and password around to an unverified node in the network, I think your software engineers need to take a course in Security 101. Or maybe revisit the 11th grade. To design a system – today, these were not designed in 1984, but 2014 – assuming that all players in the environment are legitimate is beyond naive. (And even in 1984 we had security on closed systems. Resource Access and Control Facility – the dreaded RACF from IBM. Top Secret from Computer Associates. And more.)
And is it really easier to turn lights on via your phone than to slap the switch when you walk into a room? OK if you are on vacation I can see having lights turn on and off at given times, but are you going to be doing that via your phone? (“It’s 7:30 in Chicago, I better turn on the kitchen lights.” Really? That is what you are going to worry about when you are relaxing on a Hawaiian beach?)
There is a place for the internet of things. Monitoring the temperature of pharmaceutical reactions during manufacturing. Monitoring or controlling any number of manufacturing processes. Monitoring the health of oil wells, agricultural pumps, traffic signals.
But having a stove that you can turn on remotely? Do you really leave food in the oven all day? Or you can’t wait 8 minutes for the oven to warm up to get that frozen pizza?