Your toaster lets your kettle know that the bread is almost toasted to brown perfection, so this is the time to start boiling that water so it will be ready for you when you want to make the coffee.
Meanwhile, the shower tells the TV that it’s been turned off, so it’s time to flick over the the morning news. TV lets the curtains know that it’s morning, so let’s raise them and let the sunshine in. Your car warms up your seat before you’re even done with your shower.
Welcome to the Internet of Things. Total connection between inanimate objects, thinking for themselves and communicating with each other to make our lives easier. In theory, this is a great concept. And even though the IoT has not been around for as long as the internet, it is growing rapidly: Smartwatches, Smart TVs, self driving cars.
However, as the manufacturer’s of these devices (fridges, heating systems, baby monitors) are not mainly focussed on cyber security, this vital aspect of gadgets that gets to control ever increasing parts of your entire world is not getting the attention it needs. These devices are not as well protected as the more conventional aspects of our online world like PCs or even smartphones. Very little to no security is built in to baby monitors, and hackers recently demonstrated how easy it is to hack into them and spy on your family.
The “normal” security measures don’t get us far with these new devices. Sure, the usual principles still apply (don’t share your password etc), but the manufacturers of these devices don’t build security into them from the ground up. Security is added later on – a wall approach rather than an intrinsic immune system approach, which is the way forward.
This was brilliantly demonstrated by Andy Greenberg, senior writer at WIRED when he drove a Jeep on a highway and allowed hackers to hijack it.
The main issue seems to be that manufacturers can’t seem to agree on best practises on how to implement security within their devices and gadgets.
The traditional approach does not work as well here, as it does for PCs or even for smartphones – the traditional approach being create a product, look at how you can secure it and then make sure that 3rd party providers – McAfee, Norton etc – are up to date so they can provide the security as needed.
The IoT needs to implement security on the base of the product, not build it on top where it can be easily breached, as we’ve discovered many a time here on thehacktimes.com: Smartwatches and their vulnerabilities for example