Request Consultation
Request Consultation

FIPS 140

Compliance

Technology

Industries

FIPS 140-3 Validated Software

Post-Quantum Cryptography

Entropy

Extended Support

The Internet of Things (To Protect)

January 30, 2014 Ray Potter

SmartFridgeThe Internet of Things is under attack already, say researchers.  A smart refrigerator was hacked and used to disperse malicious code, for example.  So why are we not properly teaching folks that devices are vulnerable immediately upon connection?  Education on these topics will save us a lot of heartache and headlines in the next few years... and it might even save some lives.

In recent posts, Symantec's Vince Kornacki and Bob Shaker point to some disturbing potential outcomes from building the connected home without properly factoring in security.  Sure, the hacked toaster oven is fairly innocuous, but burglars really could case entire neighborhoods by tracking homes' thermostat activity.  Hackers more interested in anarchy and panic really could manipulate fridges to spoil food and use unsupervised ovens to start fires.  Kornacki points out that by simply disabling a home's heater could produce disastrous effects in frigid climates, and the inverse is true as well.  Denying air conditioning to a desert dweller in August could quickly turn cruel or even fatal.

We have seen what happens in other sectors when we let technology develop too far without factoring in security.  Unfortunately, many manufacturers will ignore security as long as possible, until their consumer audience demands it.  So let's stop, take a deep breath, and educate the public.

Rules to Remember

  • If it's connected to the internet, it can be hacked.
  • If it can be hacked, it can be manipulated.
  • Everything that has data in transit or at rest should be encrypted.
  • Encryption is not all created equal, so it should be verified.
  • If it has a camera, someone might be watching you.
  • If it has a camera, someone might be watching your internet traffic instead of you.
  • If it has a password, change it to a strong code.
  • If it doesn't have password protection available, ask why not.

 

Manufacturers will drag their feet until we, as buyers, make it clear that we want secure devices.  We should not be buying any connected devices that do not have privacy safeguards available.  Speak with your wallet and be patient until viable options are on the market.  And then, it will be game on for the Internet of Things!
Ray Potter

Ray Potter

Ray Potter is the Founder of SafeLogic, which was spun off from his previous venture, the Apex Assurance Group consulting firm. He brings over 20 years of security and compliance experience, including leading teams at Cisco and Ernst & Young, to the operations team at SafeLogic. Ray loves playing guitar and flying airplanes.

Conversations

Share This:

Back to posts

Popular Posts

Search for posts

Tags

See all