Hiding Is Not SecurityHow Things Get Hacked In The IoT

When people create specific devices, they are somewhat aware of the issues surrounding security.  Nobody is going to put a completely unsafe device on the market or nobody will buy it (we hope).  Yet most of these makers do not recognize the larger context into which their product is being placed.

Let’s take the awesome new June oven as an example.  This oven can actually sense what you place into it and cook that food perfectly.  The makers of this oven did not put an open USB jack on the oven or leave an ethernet-connected hub hanging on the appliance when it shipped.  By itself, the oven appears nice and safe to both the designers and its rapidly growing set of customers.

The problem is the this oven is not sitting by itself and the very fact that it is “smart” means it will be plugged into smart homes.  Smart homes are, in turn, plugged into smart networks which provides Internet access to the home and back to that glorious oven.  Of course people might be thinking about this long exploit chain but their options to do anything about it are fairly limited.

So what you might ask – who cares if somebody can hack an oven?

Let’s play that out a second – a hacker gains control of an oven, overrides the safety off feature and sets the temperature to keep increasing…hotter and hotter…you get the idea.

This is not to say that the June oven has been hacked (yet) but to point out that seemingly innocuous, seemingly NOT Internet-connected, smart devices can be used for very bad purposes.  While everybody has been upset about baby cameras being hacked and weirdos talking to kids, the true threat is that a hacked camera provides open access to your entire home.  That access can include your computers, phone and even conversations (thank you Alexa).

No, you do not need to unplug everything and start wearing tinfoil on your head – but we do need to start thinking about the consequences of connecting more and more things together in a haphazard fashion.  Note that all of the hacks to date (and there are a ton of them) have come via a very small amount of our world being connected to another very small part of our world.  With the Internet of Things, everything will be connected to everything and we need to start thinking about the consequences now before it is too late.