IOT is a great buzzword. Never before were we able to facilitate automation of such unacceptably mundane tasks as turning on the light or programming the thermostat. The great appeal of such integration products has always been ‘ease of use’ and ‘convenience’. Usability IS an important factor for every day consumer products, sadly we have failed to this day to provide an acceptable compromise of user-friendliness and security. This isn’t unique problem to IOT or any new technology, it just happens to be much worse than anything we have ever seen before. How did we end up here? No idea. Since the inception of the network of pipes industry’s track record of securing consumer products has been horrible. The most glaring example is a device every one of us has been using for a very long time – a consumer router. Practically unchanged for the past 20 years yet somehow every month like clockwork we find critical vulnerabilities exposing your entire (home) network.
We constantly talk about software vulnerabilities. Every ice cream stand business is aware of importance of patching and is constantly reminded either via constant Windows Updates or PCI compliance requirements. This is great, we are aware of the need to update software, what about hardware?
In aggregate, all of IOT solutions we have today can only be described as bad. By the law of numbers, the more devices we put on the internet, the more insecure devices are available for everyone to access (Link Description: Shodan – webcam tag, unsecured cameras all over the internet). Techy media outlets DO report this regularly but unfortunately this makes little difference to consumers as placing a ‘secure’ sticker on the device carries more weight on a purchasing decision, not because consumers aren’t educated but simply because it is not possible to know what you’re actually getting. Even if you are buying $100 lightbulbs from a reputable company implementing proven security protocols there is no assurance the end-result is a product you can rely on. And remember, we are talking about turning on a lightbulb here.
How hard can it be? Evidently it is pretty hard, and whether it’s the industry’s fault for not trying hard enough or consumers not wanting to pay for securing these products, the current state of affairs is rather sorry. Average products with limited reliability, no proven track record, isolated in walled gardens of competing standards most of which are lacking basic security features.
– The Internet of Potatoes
Jacob R, PEI