Shocker: The Internet of Things Is Insecure

For quite some time, device manufacturers and software developers have heralded the rise of the Internet of Things. Their logic goes something like this: By embedding all sorts of everyday objects with sensors, and allowing those sensors to stream data to analytics tools for insight-mining, our world can become more efficient than ever before.

But as any number of experts are pointing out, the proliferation of “smart” objects risks introducing all sorts of new threats. Embedded systems are often built on standard-issue hardware and software that rapidly ages out of date, technologist (and new CTO of CO3 Systems) Bruce Schneier recently suggested in a column for Wired: “The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped.”

By the time hackers begin to expose the vulnerabilities in the system, he added, “the chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip.” Maintaining the older chips and products “just isn’t a priority.”

Picture hundreds of millions—maybe billions, at some future point—of connected devices vulnerable to all sorts of hacks that could send real-world systems spiraling out of control, possibly injuring or killing large numbers of people. Happy 2014!

But that won’t stop the hype around the Internet of Things from building to a crescendo. There’s simply too much money at stake. Late in 2013, research firm Gartner suggested that IT spending on so-called “smart” devices and associated hardware could eventually reach $4 trillion, with everything from smoke detectors and medical devices to automobiles and home appliances eventually studded with all sorts of sensors and communications technology. IT giants such as Cisco have been pushing the “Internet of Things” particularly hard over the past several quarters, as they stand to benefit enormously from sales of the servers and other infrastructure necessary to collect and filter the data from connected devices.

But the movement has alarmed privacy advocates, who see “aware” devices as a threat to peoples’ shrinking ability to walk around in relative anonymity. When Nest rolled out its ultra-connected smoke detector in October, for example, The Kernel’s Greg Stevens responded in a blog posting: “Storing movement data in order to learn what normal movements in the room are? Transmitting information about every light, sound and movement in your house via Wi-Fi to your phone… and who knows where else? Ladies and gentlemen, how can you possibly stay silent about the possible abuses of such a device?”

Over time, fears of hacking could compound those worries about privacy. That won’t stop the Internet of Things from proliferating, however.

 

Image: Shutter_M/Shutterstock.com

Related