The promise of a connected world, as imagined by the top futurists of our time, is an intoxicating one. This world features previously-inanimate objects “talking” to each other over the world’s WiFi, terrestrial and cellular networks, establishing a network of “things” that have built-in sensors and smarts that allow them to interact with one another and be interacted with in turn, in new and novel ways.
Let’s first take a step back. The very idea of an “Internet of Things” is a massive concept that imagines a future where objects that you’d never think would need some sort of built-in intelligence, or ability to measure or sense things would have it. Daniel Burrus of Burrus Research posited in a guest column for Wired Magazine in 2013 that things as mundane as cement could be made smarter by way of tiny sensors that are mixed in right before it sets. That could, in turn, allow equipment to actively monitor the cement’s status, and alert engineers if specific readings ever cross a predefined threshold, indicating structural weakness.
This sort of thing is made possible by sensors, attached to all kinds of everyday objects, which generate a large amount of data which is then communicated to the cloud by the networks we make use of every day. That data is then processed by massively powerful servers, and converted into useful information that is then fed back to smart devices that communicate their importance to an end user.
As appealing as that may be, however, the reality is a lot less sexy: by incorporating smarts into, well, everything, what we’re actually doing is potentially creating a massive number of new vulnerabilities that could be used to break into IT systems.
Just think about it: if every manufacturer in the world directs their R&D departments to create smart products, from toasters to fridges to roads to bridges, it won’t be long before at least one of them does a sub-standard job, and releases onto the market a product whose security isn’t exactly watertight.
And let’s be honest, what are the chances that only one manufacturer does that? Slim to none; in reality, companies attempting to manufacture IoT devices as quickly and cheaply as possible will likely flood the market with poor-quality IoT devices, resulting in the proliferation of poorly-designed internet-connected devices vulnerable to being exploited by determined hackers.
In fact, that’s already happening, and we’re not even properly in the age of the Internet of Things yet. As recently as late October, China-based Hangzhou Xiongmai, a manufacturer of components that make their way into a wide range of electronics via third party licensing had to issue a massive recall in the US. It was discovered that cameras that use the company’s components were co-opted by malware to form part of the botnet army that took down Dyn’s DNS services the week before with a DDoS attack.
And while botnet armies are certainly something to be concerned over, weak security on devices like WiFi-equipped surveillance cameras offer hackers an entry point into the networks they’re attached to. This isn’t limited to cameras, either; in 2015 a research group from Synack Security evaluated a selection of 16 different home automation systems, and discovered that due to their poor security features, all were hackable in some way.
So unless your business or home operates those devices on a separate domain, essentially by installing IoT devices that haven’t had due attention paid to their security features, you’re giving hackers a front door to everything from your camera footage to your business data to your home’s lights. And that’s a scary point.
As Tomshardware points out, if IoT device security isn’t done properly right from the get-go, device recalls are going to be commonplace in our near future. The hope is that those recalls serve to motivate companies to do everything they can to avoid the situation, as they are expensive both in monetary terms as well as reputational damage.