I was on the underground (train) recently, staring at the myriad of adverts that adorn the carriages. Amongst the adverts for fast food apps and hair loss treatment I saw a feature from one of the big players in household appliances. The advert had a picture of a woman on a train holding a phone, with a big smile on her face. Above the picture there was a caption that pointed to some ‘clicking’. In the same picture, there were then a bunch of household appliances. I recall seeing a washing machine, fridge and an oven. At the bottom of the advert there was a pointer to an ‘app’. Yes, you’ve guessed it, this is the Internet of Things (IOT), and the progression of technology to a position where we can now boil our kettles while on the train or wash and dry our clothes before we get home. Hey, maybe even set the oven to gas mark 7 for 2 hours.
Are we taking things too far?
In the security game, we are constantly talking about reducing the attack surface and providing less opportunity for the bad guys to get in. With IOT, are we expanding the attack surface? Are we doing enough to think about the consequences if one of the bad guys gains access to that oven, or maybe that baby monitor? Each IOT ready device provides a potential window into our homes and lives. Recent history would suggest that maybe we are not doing enough. For instance the recent and widespread Distributed Denial of Service (DDoS) attacks attributed to CCTV cameras are a case in point. It is also ironic that something like a CCTV camera that is in fact introduced to add security is being leveraged to undertake an attack.
Connectivity by Default
Look around your home and the odds are that the technology you are using requires Internet connectivity to function effectively.
Sure, you can choose not to attach that 75 inch ‘Smart TV’ to the Internet, but then how do you watch Netflix?
How about boiling your kettle while you are 5 minutes from home? Or turning on the heating so that the house is nice and warm when you get in; is this taking things too far?
The issue we have is that each one of these devices that we introduce to the home will at some stage soon have Internet Connectivity. We are fast reaching a melting point at which connected items will outnumber their non-connected counterparts.
Should security be demanded?
Consumers need to think carefully about the devices that they are purchasing. Connectivity is good, but safety should be a key part of the decision-making process. The questions that should be at the forefront of our minds are those based upon the extent to which the vendor is providing a secure device. After all, it is demand that informs supply and if there is enough consensus, vendors will have no choice but to build in at least basic security measures. Security guru Bruce Schneier recently called on government intervention to add oversight to the world of IOT but is enough being done?
Ultimately, we need to gaze into the future and consider what the next decade will bring. How long before we see that toilet flushing app?