The SafeLogic Blog

The Internet of Things is under attack already, say researchers.  A smart refrigerator was hacked and used to disperse malicious code, for example.  So why are we not properly teaching folks that devices are vulnerable immediately upon connection?  Education on these topics will save us a lot of heartache and headlines in the next few years... and it might even save some lives.

In recent posts, Symantec's Vince Kornacki and Bob Shaker point to some disturbing potential outcomes from building the connected home without properly factoring in security.  Sure, the hacked toaster oven is fairly innocuous, but burglars really could case entire neighborhoods by tracking homes' thermostat activity.  Hackers more interested in anarchy and panic really could manipulate fridges to spoil food and use unsupervised ovens to start fires.  Kornacki points out that by simply disabling a home's heater could produce disastrous effects in frigid climates, and the inverse is true as well.  Denying air conditioning to a desert dweller in August could quickly turn cruel or even fatal.

We have seen what happens in other sectors when we let technology develop too far without factoring in security.  Unfortunately, many manufacturers will ignore security as long as possible, until their consumer audience demands it.  So let's stop, take a deep breath, and educate the public.

Rules to Remember

• If it's connected to the internet, it can be hacked.
• If it can be hacked, it can be manipulated.
• Everything that has data in transit or at rest should be encrypted.
• Encryption is not all created equal, so it should be verified.
• If it has a camera, someone might be watching you.
• If it has a camera, someone might be watching your internet traffic instead of you.
• If it has a password, change it to a strong code.
• If it doesn't have password protection available, ask why not.

Manufacturers will drag their feet until we, as buyers, make it clear that we want secure devices.  We should not be buying any connected devices that do not have privacy safeguards available.  Speak with your wallet and be patient until viable options are on the market.  And then, it will be game on for the Internet of Things!