How IoT may be the worst of all options.
The idea that we can boil our kettle at home while flooring it down the motorway prior to arrival – has long been the stuff of geek dreams. It’s beauty is in its simple and home craft image, how nice and unthreatening is this. If IoT is all about kettles and making cups of tea, well, what’s wrong with that.
And it goes on, at a much deeper level, into how whole “cities” are now becoming Smart Cities. This is an energy conserved Utopia, at a corporate level, if you will, as opposed to a personal level. Whole new divisions are being created at some of the world’s leading IT Consulting houses, as to how they can deliver, using our love and total dependence on mobile and internet connectivity, a world where we are In Control – from anywhere.
In the UK and other parts of Europe, we can moderate our central heating using our mobile phone, and thus goes the argument, we can modify, ie, reduce, our heating bills, to cope with sudden sunny days and so forth.
My friend has a new car where, in the frozen climes she inhabits, – she can switch on the heated seats in her car some twenty minutes before she gets in. And whilst i am jealous and actually impressed, the question is however – do we actually want all this? Or just how useful and time and money saving, will all these facilities give us, or much as extra competences will be gained?
I ask this because for a start, I rarely change my central heating settings from one year to the next, let alone day by day. And judging from the number of times I receive rogue emails in one day, do I really want some central wifi being involved in my domestic life, however useful this might appear for the greater good? Because, if current life is anything to go by, if the Internet is involved, then our lives can be hacked.
We are not alone in voicing these shortcomings. Oren Dvoskin at Sasa Software says it like this:
“The IoT is definitely creating a buzz as a perceived weakness when relating to cyber security. Attackers constantly look for the easiest way into organizations, and unprotected devices are a potential point of entry. The most common scenario is scanning the internet for devices with default (or no) security credentials.
This was the case with the massive DDoS attack on Dyn’s servers in October – millions of devices were hijacked, then controlled remotely.
Another concern is attacking equipment with outdated security measures, or legacy operating systems. Sophisticated equipment, such as medical devices, often cannot be properly secured, due to manufacturer warranties. It could potentially be a nightmare, with hackers demanding ransom when they’ve sabotaged a hospital’s ventilation system (or a patient’s pacemaker).
What can be done?
As always, it’s the basics. Ensure that devices have updated security credentials, and when possible, that they receive ongoing updates. Sensitive equipment, and equipment in sensitive organizations should never have unrestricted access to the internet. ”
And this includes you and I at home. The kettle controlled wifi to make our cup of tea, will also let intruders in by the front door. And that, is what I would call a nightmare.