Security overlooked as appliances go online

Comment on this story


Copy of sa internet of things

WASHINGTON POST

The very reason for this new internets existence is to have machines talking to machines in order to perform complex tasks on behalf of us humans.

Washington - Ten years ago, the word “smartphone” didn’t exist. By necessity, neither did the word “dumbphone”.

In a decade, we might talk about all of our appliances in similar ways. From ovens to garage doors to insulin pumps to vehicles, many of our devices are going to be connected to the internet in the same sense that our phones are now.

Certain such products are already on the market in the US; one company, SmartThings, sells devices that help consumers control their lights and locks while they’re not at home, for example.

Eventually, these items will respond to signals from one another independent of human input. Your bathroom scale might tell your refrigerator that you’re overweight, and your fridge might start recommending healthier recipes.

That could be great, but it also vastly expands the universe of things that could go wrong, particularly when it comes to privacy. This might seem obvious, until you consider that many of the businesses that make these devices have never really needed to worry about securing their products before.

Take dishwashers. At heart, they’re simple machines. But a hacked dishwasher might start running on overdrive, going through multiple cycles, wasting litres of water and costing you extra and possibly flooding your house.

Although the people who make dishwashers may be fantastic engineers, or even great computer programmers, it doesn’t necessarily imply they’re equipped to protect internet users from the outset.

“It’s not just that the consumers don’t understand the technology,” said Jeff Hagins, the co-founder of the SmartThings company. “It’s also that the people building it don’t understand it.”

The same holds true for the car industry, where many companies have begun to experiment with new technologies that let cars communicate with one another.

Tadayoshi Kohno is a researcher at the University of Washington who’s spent a lot of time deliberately hacking into cars to test their vulnerabilities.

“Very often we see sectors of the broader industry that are not computer science experts starting to integrate computers into their systems and then start to integrate networks into those systems,” said Kohno. “Because they don’t have experience being attacked by real attackers, like Microsoft and so on, their level of security awareness... appears to be dated.”

Hacking is just an extreme case. Short of that, there are all kinds of security problems that could crop up in an Internet of Things situation.

Many of these devices are pumping out vast amounts of data. According to Hagins, a modest 10 000 households in the US have SmartThings installed. Together, those homes produce 150 million data points a day. The information may be relatively mundane, such as battery levels or temperatures, but as with any kind of data, in the aggregate it can produce extremely detailed profiles of your behaviour.

As early as 2010, Siemens said it was capable of using its smart meters to learn some pretty incredible things about our energy usage: “We, Siemens, have the technology to record it every minute, second, microsecond, more or less live... From that we can infer how many people are in the house, what they do, whether they’re upstairs, downstairs, do you have a dog, when do you habitually get up, when did you get up this morning, when do you have a shower: masses of private data.”

Securing that data is something that even big-name tech companies struggle with. So how do we fix that?

One difference between data-hungry businesses like Google and your future home network of internet-enabled objects is that some of those devices may not need to talk to each other over the public internet, says the Electronic Frontier Foundation’s Lee Tien. If they’re connected to the same wi-fi network, maybe those devices won’t need to transmit data across the web.

“Utilise but keep the data within the home boundary,” Tien suggested. “Keep the interesting variations within the home boundary. How much detail do we need and how much data needs to leave the home, actually?”

That raises another potential problem, though. If your home wi-fi password is all that stands between a spy or hacker and your networked devices, you wind up with a single point of failure.

“You’re relying on the end user having a secure wi-fi connection,” said Craig Heffner, a security researcher at Tactical Network Solutions. “You’re trusting that stuff to have been engineered properly.”

That leaves you pretty much right where we began – at the mercy of the manufacturer. – The Washington Post

Hungry for more scitech news? Sign up for our daily newsletter


sign up
 
 

Comment Guidelines



  1. Please read our comment guidelines.
  2. Login and register, if you haven’ t already.
  3. Write your comment in the block below and click (Post As)
  4. Has a comment offended you? Hover your mouse over the comment and wait until a small triangle appears on the right-hand side. Click triangle () and select "Flag as inappropriate". Our moderators will take action if need be.

     

Join us on

IOL-Social networks IOL-Social networks IOL-Social networks IOL-Social networks