Pretty much my take on it.
IoT devices facilitate robbery, stalking and cybercrime. That's the downbeat conclusion of a new study by app security firm Veracode into the insecurity of connected devices. Veracode reached its conclusion after looking into a variety of IoT kit, finding they are often designed without data security or privacy in mind. The …
"Among the issues found were: open debugging interfaces that could allow remote attackers to run arbitrary code on a device itself, such as spyware; serious protocol weaknesses that could allow passive observers to access sensitive data; and lack of adherence to best practices."
Perhaps we would all be better off waiting for SP2.
Seriously, this whole thing is starting to look like a solution in search of a problem. I'm going to stay away from this stuff.
Then just hold on for the next generation of badly designed and implemented devices that will be even more hastily and cheaply conceived in an attempt to reach the only lucrative market (users without technical ability) before the competition. They'll be even more scarily intertwined with your life and even more scarily insecure.
It's all very well for us smug Reg readers to say that we will never install IoT equipment in our existing houses, but what about when you move house? Recently I moved from an old house (with minor structural problems such as loose plaster) to a modern one (with problems created by its previous owner, such as a leaky shower). In future, we will have to re-fit the IT/IoT in a house when we buy it, but in some cases (eg "smart" meters), this may not be allowed.
places an order with local supermarket if I run out of milk and my smart door lets in the delivery man droid in to place the milk in said fridge. My smart car lets my smart TV know that I am going to be late home due to traffic conditions so it can record that which I would normally watch and my TV tells my smart beer cooler to wait a while before starting its task to save electricity. The beer cooler notifies the smart cat feeder to feed the cat. The feeder of course chatted with the smart food cupboard to check that there was indeed cat food after first checking with the fridge that there wasn't any left over chicken or fish for the cat.
My smart phone automatically sends a request to a greeting card company, a florist, a chocolatier or toy company dependent on which celebratory anniversary it is. It also intercepts the thank you messages and replies to the recipient that they are welcome and I love them, just in case I remain unaware of the action and embarrass myself by saying was it your birthday/anniversary/etc.
My smart clothes make their own way to my smart washing machine, just after my smart utility cupboard has informed said washing machine that it has ordered detergent and indeed the detergent has been delivered by the same droid that delivered the milk.... My smart cupboard is smart enough to check with my other smart devices before placing an order.
As for me I never have to worry or think about anything any more. I have so much more free time to search for the latest labour/thought saving device. Perhaps there is an app for that?
IoT what's not to like?
With something like that set up, how long would it take for someone to notice you've died?
But then that's why you bought that Smart Coffin that takes you to the Smart Undertaker who then places you into a smart grave and automatically informs all your smart stuff to sell themselves while your Smart Home is sold by a Smart Realtor that sells it and has a Smart Mover bring in another person's stuff before your family is even aware of your passing.
"With something like that set up, how long would it take for someone to notice you've died?"
Ray Bradbury touched on this in his 1950 short story "There Will Come Soft Rains".
You must be wealthy enough to afford to buy all that IoT stuff from the same manufacturer and be able to afford to replace it all when one item breaks and the v2.0 replacement isn't compatible with the existing stuff. What we really need is a new standard.
On a slightly more serious note, if this IoT kerfuffle is to take off in any meaningful way there really are going to have to be some mandated and enforced interoperability standards. Currently I can buy pretty much any electrical item in the UK and it will come with a plug that fits the power point in any house and will work with the standard delivered voltage. There's no patent problem and if anything isn't compatible with the power system then it's probably illegal to sell it retail anyway.
IoT devices really ought to be able to detect the local home server/hub, pair with it and say "here are the codes I can send/receive and this is what they mean" and then self configure with minimal user interaction other than authorising the pairing/setting of passwords. Computing power is supposed to make things easier for the user, not harder.
Oh, and of course there has to be a home server/hub because this information exchange between your home IoT devices should NOT be going via some manufacturer's cloud-based server system where it can be stored and analysed to "improve the user experience", ie target more ads at you.
During your ride home, you get an angry call from the girl you just dumped who is furious about the chocolates she just received and assures you in no uncertain terms that there isn't a snowball's chance in Hell that you'll get her back.
After that call, you get a notification from your landlord about a problem in your kitchen that made him call for security and a repairman. The smart cat feeder had a blockage which caused a freak current feedback that sparked your smart coffee maker which just happened to overload and cause a loopback to your smart cupboard which went haywire and filled its order queue for cat food, billing it automatically to your account. You now have a year's worth of cat food to be delivered tomorrow, order non-rescindable due to contract clause about encryption keys and digital signatures perfectly in order. You also have a $7500 bill for the repairs, payable by next Monday.
Also, there is cat food all over the kitchen floor.
You get home to find a patrol car waiting for you. The investigation will demonstrate that it is the electrical surcharge from your smart coffee maker and the subsequent order activity from your smart cupboard that triggered an obscure unpatched bug in your social profile's agenda organizer which caused an inordinate amount of meeting emails to be resent with today's date. In all, seven of your previous girlfriends, and some of your mates, have received invitations and messages from your stored message archive - some of which have salacious content that was, at the time, perfectly understood. Five of your exes have filed a complaint for harassment and are pressing charges.
The policeman tiredly listens to your explanations for a minute, then cuts it short with a curt "You'll tell us that at the station, sir" before moving you to the rear of the patrol car.
Finally, you realize that the cat will gorge itself during the night, meaning that when you get back there will not only be the remaining cat food to clean up, but probably also an unknown amount of cat vomit and maybe worse.
IoT - what's not to like?
I have to wonder why society is rushing to snap up tens of billions of new endpoints, made by such IT security luminaries as home appliance manufacturers, fly-by-night phone manufacturers and toy companies. We're actively checking off ingredients to the next IT security disaster with all the long-range thought usually associated with baking a batch of chocolate chip cookies.
Why? Because most of society doesn't realise the problems we have securing our IT infrastructure.
Most people have never heard of Snowden, don't know what Heartbleed is and have no idea how to get rid of that annoying message that Norton / McAfee (delete as appropriate) is three years out of date every time they boot their computer. It's ok though because they don't use the computer as much since they bought a tablet from Tesco for 50 quid that has no AV at all.
Of course the extra-stupid thing is that now companies have to look at previously innocuous purchases of breakroom appliances and other formerly trivial items as potential information security risks. For example, we have a several-years-old refrigerator in our boardroom, stocked with drinks. Is there now some scenario where if we replaced that fridge with an internet-enabled version it might potentially leak information on meetings that we have taking place?
Ridiculous, I know, but who wants to risk being "that guy" who got his product development plans or a merger/joint venture leaked because the meeting room fridge was capturing images of what was being whiteboarded or who from company A was meeting with who from company B in the room?
Those who ignore history are doomed to repeat it. Precedents for ALL tech innovations in the last 20 years. Nobody has learned a thing.
Always a rush to new "features" such as allowing a web page to silently install software, never thinking of how that can possibly be misused. Vendors open gaping holes and spend the rest of the product life ignoring, denying, admitting, and finally trying to close them. It feels like Groundhog Day in that respect, it's always the same.
This stuff only works if the Things are not accessible to anyone except their owner (why would the owner want anyone else to use their wireless communications bandwidth or interfere with their access?), AND the useful information derived from the humungous amounts of data these Things will produce is made available as services - because the owner can earn more money that way than by making the Things accessible.
In the film Battleship the Japanese captain suggests using a network of tsunami buoys distributed across the Pacific to detect the alien spaceships through water displacement, a tactic that the Japanese had been using to detect American submarines for twenty years. The Things which were installed in the ocean to provide one service turn out to be useful to others too, in ways that the original business case did not anticipate. This will happen with sensor data too, though it probably mostly won't be saving the planet from aliens.
granular control and monitoring of your life and living conditions by the device manufacturer, the advertisers "monetizing" this info, and the government that wants to find some politically or environmentally correct reason to control and monitor your stuff.
and you might even be allowed some control of these devices thru your iPhone when allowed, too!
But, but . . . you can control your heater through an app on your phone while you're on the train on the way home or set your television to record the latest episode of Master Renovation Survivalist Wants a Wife when you are running late! What could be cooler or more mind-blowingly revolutionary than that?!?!?!?