Speak of the Internet of Things, a new world where sensors, wearables and portable devices everywhere exchange information all the time, and you’ll likely hear of the benefits.
By crunching all that data collected, we can better predict weather patterns, for one. Making sense of the images from thousands of cameras in a city can help deter terrorists. And a smart fitness band can help you track your health proactively and alert your doctor of any potential issues.
Yet, as more such devices come online, alarm bells are starting to ring. In making previously dumb devices smart, we are also exposing them to the same risks faced by PCs and smartphones.
Imagine if your washing machine was hacked. By finding a loophole in the smartphone app used to control it, a prankster could turn up the heat on it to shrink your favourite shirts.
Previously “dumb” white goods, from Blu-ray player to washing machine, are being made more convenient via remote control. However, they may lack the same robust protection that PCs now come with.
The BBC recently did a test of some smart devices at home, and came away with a cautionary tale – so many have potential to be misused.
Is your smart baby monitor secured such that it is not leaking video images at home? What about the smart TV? Can a malicious app be installed on it to turn the microphone into a bug at home?
Far from sounding false alarms, these concerns are real. Okay, a washing machine hit by vandals may only irritate with a few shrunken shirts.
But what happens if someone hacked into your printer in the office and heated it up enough to start a small fire? Or if someone stole video footage of your home and asked for a ransom in exchange for not releasing some embarrassing moments?
It’s time that the industry, from electronics manufacturers to technology companies behind the Internet of Things, started taking security more seriously. Until now, the emphasis has been on getting the Things out fast. But are they secure?
Besides the devices, let’s not forget another weak link – Wi-Fi. So many home networks are set up with default passwords intact and data unencrypted over the air, that it won’t be that difficult to go around sniffing for vulnerable places to attack in a neighbourhood in future.
The same extends to corporate environments. With so many users running their own “shadow IT” inside the office, by installing their own apps and using their own devices, will they be setting up little networks of Things that expose their companies to attack?
When I put the question to Alan Stone, Microsoft’s head of IT for the region, his answer was similar to what many IT leaders have adopted – to quickly offer the capabilities that users want through secure, inhouse apps, while keeping out potential threats.
Interestingly, the company has developed a way to identify real threats from the millions of suspicious “incidents” that may be flagged by its security system, so it can deal with the real problems without being bogged down, he said at an Intel customer event in Bali this week.
That speed will have to be boosted, as billions of “Things” come online in the years ahead. Much of today’s security systems are not ready for the volume and velocity of the data – and attacks – on this new Internet.
If millions of today’s infected, zombie PCs can be mobilised to overload huge networks, imagine the flood of data coming from billions of Things that have been taken over by rogue elements.
Think about the sensors that government agencies put out in the open to be their eyes and ears. Security will have to be topmost, not just to protect the data collected but also to ensure it is not spoofed.
For its part, Intel says it is pushing for security to be built into the hardware, as it has with some of its PC chips, as well as better tools to manage and disinfect a network of Things. Other companies are advocating tougher Wi-Fi security.
These efforts are noteworthy. Yet, the scary thing is that millions of devices are already out there, relatively unsecure and always connected. From your fitness band to smart washing machine, many can be exposed to threats that are just developing.
The hope is that the industry will beef up security for the Internet of Things. It often gets things right in the end, like with the closing of some loopholes in Wi-Fi after much-publicised episodes of war-driving more than 10 years ago.
This time, with so many devices coming online, though, it might have to get things right before too many of these Things are pushed out to users. Retrofitting them could be costly.
In the same vein, users have to be more aware. Just like securing your Wi-Fi at home used to be a new chore you didn’t understand, you may soon have to make sure that smart TV or baby monitor isn’t leaking information because you hadn’t updated its firmware.