NEST Thermostat-BlackHat-scaled

Security Of “Things” Increasingly The Stuff Of Headlines

It looks as if the mainstream media is waking to the security implications of the “Internet of Things,” in the wake of recent demonstrations at the Black Hat and DEFCON conferences that highlight vulnerabilities in everything from home automation systems to automobiles to toilets.

NEST Thermostat-BlackHat
A stream of reports before, during and after Black Hat suggest mainstream media outlets have started to pick up on the issue of security and The Internet of Things.

Stories in The New York Times and other major news outlets in the last week have highlighted concerns about “the cyber crime of things” as Christopher Mims, writing in The Atlantic, called it. Insecure, Internet connected devices ranging from surveillance cameras to home heating and cooling systems could leave consumers vulnerable to remote attacks and spying.

The stories come after hacks to non-traditional computing platforms stole most of the headlines from this year’s Black Hat and DEFCON shows in Las Vegas. A compromise of a Toyota Prius hybrid by researchers Charlie Miller of Twitter and Chris Valasek of IOActive was featured prominently in stories by Forbes and others.

Security Ledger reported on research from the firm Trustwave that showed how a variety of “wired” devices, from home automation gateways to a Bluetooth enabled toilet and Samsung Smart TV were vulnerable to trivial, remote attacks.

By and large, the articles don’t break any new ground. “Build it and (the hackers) will come” is a common refrain. That’s absolutely true and – as Nick Percoco told us in his interview two weeks ago, device manufacturers need to pay more attention to security, rather than assume (as home automation device maker Mi Casa Verde does) that the people buying their devices are technically sophisticated users who would rather have all the bells and whistles enabled than to have a device that’s secure by default.
“We know from testing corporate clients, many corporations don’t have secure wireless networks, let alone consumers,” Percoco told us.
An equally important issue is raised by  Mims at The Atlantic. Namely: what are the privacy implications of living in homes and public spaces that are bristling with remote sensors? Surely there are benefits to be had: nudging your thermostat up on the drive home from work. But in an age of ever more present government and private sector surveillance, the ability of others to see into our private lives and infer our behavior increases with each new sensor that is deployed.
“Once entire homes are fully instrumented with sensors, there is no end to the kind of data that hackers and governments could gather about us and our habits,” Mims writes. Indeed.

One Comment