As you shop for that new “smart” refrigerator that can do everything including figuring out when you’re low on milk, perhaps you should also think about the risk of some mischievous hacker taking control of it and having 5000 gallons of milk delivered to your door.
Unlikely, yes, but possible. And that’s just inconvenient. What about a hacker who unlocks your doors while you’re away?
That scenario is real. It has been demonstrated. Security experts have been saying for more than a decade that, in the world of electronic devices, “smart” does not mean secure. They have warned that if security is not made a priority, the convenience provided by those devices will be undermined by cyber criminals.
And most of them say things have gotten even worse since those warnings began, in part due to the explosive growth of consumer devices with embedded computers.
Helping ‘things’ compute
In an interview with PaulDotCom Security Weekly TV last February, Craig Heffner, a vulnerability researcher with Tactical Network Solutions, put it bluntly. “Go back 15 years in computer security, pick every problem we’ve had from then to now, and you’ll find it in embedded systems,” he said.
That would make it a problem growing by orders of magnitude. At a conference on the Internet of Things (IoT) last month, sponsored by the Federal Trade Commission (FTC), the agency’s chairwoman, Edith Ramirez, said the 3.5 billion sensors now on the network are expected to grow to trillions within the next decade. Indeed, many of today’s new cars already have more than 100 embedded, connected computers.
”Five years ago, more things than people connected to Internet,” she said. “By 2020, 90 percent of all cars will have some kind of vehicle platform, up from 10 percent today. By 2015, there will be 25 billion things hooked to the Internet. By 2020, that will grow to 50 billion. In the consumer market, smart devices will track our health, help us remotely monitor an aging family member, reduce our utility bills and tell us we’re out of milk.”
But all that, she said, will come with “undeniable” privacy and security risks. In response, she said, the stance of the FTC is that, “companies need to build security into their products, no exceptions.”
Perhaps some day. But according to most experts, the opposite is true—the exception is a smart product that actually has security as a key component. Heffner, who appeared on a panel discussing the “connected home” at the FTC conference, contended that, “consumer devices typically don’t have any security, at least not by today’s standards.”
In an interview, Heffner said the biggest reason for that is because “people don’t make purchasing decisions based on the security of a product. They do it based on the product’s features, looks and price. Why in the world would a company spend time and money on something that users don’t care about and will never see?”
Full Story: Smart devices get smarter, but are still short on security | TechHive.