The Internet of Things is a reality comprising hundreds and soon thousands of connected devices -- and it's the biggest test yet for corporate responsibility.
Ignorance is bliss
All the tech players are getting into the space, but that doesn't mean they know what they are doing. All they seek is a way to keep revenue rising, some by selling you things, others to learn more about you so they can sell you. And in their rush they're selling problems, not solutions.
Take Google's Nest thermostat -- hackers have already figured out how to turn it into a network-sniffing spy inside 15 seconds -- all they need is access. Imagine that: Anyone with access to your home can turn your convenience into their network traffic sniffer in a few seconds.
I'm not singling Google out, though it will never be a poster child for end-user privacy; many others are implicated -- just read the recent HP Fortify report that warns few firms offering connected things pay attention to your security. Few even have a problem reporting system for these solutions.
Here are three reports to illustrate where we are today:
- Nest hacker Daniel Buentello previously explained how connected appliances can be used against us -- check out “Weaponizing your coffee pot”, in which he undermined Belkin WeMo appliance security.
- Security consultant Jesus Molina has discussed flaws found in a hotel's building automation system that enabled him to control almost every appliance in the property.
- Target customers last year saw credit card details stolen when attackers figured out how to penetrate the retailer's point of sale devices using a vulnerability found in Target's smart air conditioning system. (As a consumer, do you ever anticipate losing your cash through air conditioning?)
Convenience or calamity?
As you fill your life up with connected devices it is necessary to consider the cost of the convenience -- each connected device is a potential attack vector, unless someone has secured it.
“A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business,” said HP Fortify.
Significant attacks against home routers and other connected systems have already been reported this year.
It's not so long until 2020 when IDC reckons we will have 212 billion connected devices sharing every detail of how humans get through their day online. When they do they will be using an Internet based on Open Source roots that are already creaking. You see, Heartbleed proved the volunteers who maintain the code that maintains the Internet need more cash to check the code they create (some claim OpenSSL runs for a year on the price of a MacBook Pro - to support how many devices?).
Security doesn't need to be boring
So why won't the big mega-corporations cough up more cash to support the Open Source groups who make the code that drives both convenience and corporate profit? Corporations and cybercriminals aren't so very far apart, I suppose. They all want whatever they can get for as little as possible.
It doesn’t have to be this way, of course: connected solutions could offer convenience without the compromise. Secure solutions could create an Internet of Things in which there were no easy targets. Solutions you could trust (subject to the NSA).
As businesses collect even more personal data from cars, homes and other connected systems, the extent and value of the information gathered for big data analysis becomes immense.
The stage seems set for someone to put security at the center of the connected dream. Assuming it's systemically possible to achieve that, which corporation do you think will step up to the plate?