The Gimlet Eye returns to once again cast a baleful gaze on All Those Connected Things, or the Plastic Fantastic Inevitable. Those 6.4 million Wi-Fi-connected tea kettles, smart fridge, remotely adjusted pacemakers (and other medical devices) plus home security two way video systems that accost the dodgy door ringer sound just peachy–but how good is their security? Not very, according to the experts quoted in this ZDNet article. It’s those nasty security flaws in IoT which were patched out 10 years ago on PCs that make them incredibly risky to have, as they can vector all sorts of Bad Things into both personal and enterprise networks. Their prediction is that a Connected Device with a big flaw will become molto popular and provide a Target a Hacker Can’t Refuse within two years. Or that some really clever hacker will write ransomware that will shut down millions of Connected Cars’ CPUs or disable the steering and brakes if 40 bitcoins aren’t placed in a brown paper bag and left on the third stool of the pizzeria at 83rd and Third.
Not much has changed since Eye wrote about those darn Internet Thingys last year [TTA 22 Sept 15]. The mystery is of course why these antique flaws are even part of the design. Designers being cheapskates? No consideration of security? Or, for the conspiratorially minded, capitalizing on lack of standards and neglect to facilitate a back door into software?
Of course we are not speaking about what we already know from Essentia Health’s test two years ago–that millions of connected or connectable hospital and healthcare devices run on severely outdated software, and likely will continue to do so because replacement costs are high and the manufacturer’s desire to upgrade old kit is correspondingly low.
The first big Internet of Things security breach is just around the corner. For those who like to lose sleep, click over to a related article on possible hacking scenarios with innocent devices. Also TTA 3 Feb 16. Hat tip to Mike Clark via Twitter.